{"id":"MGASA-2020-0088","summary":"Updated python-pillow packages fix security vulnerabilities","details":"Updated python-pillow packages fix security vulnerabilities:\n\nIt was discovered that Pillow incorrectly handled certain images. An attacker\ncould possibly use this issue to cause a denial of service (CVE-2019-16865,\nCVE-2019-19911).\n\nIt was discovered that Pillow incorrectly handled certain TIFF images. An\nattacker could possibly use this issue to cause a crash (CVE-2020-5310).\n\nIt was discovered that Pillow incorrectly handled certain SGI images. An\nattacker could possibly use this issue to execute arbitrary code or cause\na crash (CVE-2020-5311).\n\nIt was discovered that Pillow incorrectly handled certain PCX images. An\nattacker could possibly use this issue to execute arbitrary code or cause\na crash (CVE-2020-5312).\n\nIt was discovered that Pillow incorrectly handled certain Flip images. An\nattacker could possibly use this issue to execute arbitrary code or cause\na crash (CVE-2020-5313).\n","modified":"2026-04-16T04:41:39.506973960Z","published":"2020-02-18T14:05:53Z","upstream":["CVE-2019-16865","CVE-2019-19911","CVE-2020-5310","CVE-2020-5311","CVE-2020-5312","CVE-2020-5313"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0088.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25968"},{"type":"WEB","url":"https://usn.ubuntu.com/4272-1/"}],"affected":[{"package":{"name":"python-pillow","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/python-pillow?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.1-1.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0088.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}