It was discovered that there were three vulnerabilities in Pillow, an
imaging library for the Python programming language:
There is a DoS vulnerability in Pillow before 6.2.2 caused by
FpxImagePlugin.py calling the range function on an unvalidated 32-bit
integer if the number of bands is large. On Windows running 32-bit Python,
this results in an OverflowError or MemoryError due to the 2 GB limit.
However, on Linux running 64-bit Python this results in the process being
terminated by the OOM killer.
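
The defensive pattern for this class of bug is to bound a length field read from a file before anything is sized or looped by it. The sketch below is an added example, not Pillow's code: the byte layout, the MAX_BANDS limit and all function names are assumptions made for illustration.

```python
import struct

MAX_BANDS = 4  # assumed ceiling for this example; not taken from the advisory


class InvalidHeader(ValueError):
    """Raised when the declared band count cannot be trusted."""


def read_band_colors(blob, max_bands=MAX_BANDS):
    """Parse a constructed layout: 4 reserved bytes, a little-endian
    32-bit band count, then one little-endian 32-bit value per band."""
    if len(blob) < 8:
        raise InvalidHeader("header shorter than 8 bytes")
    (bands,) = struct.unpack_from("<I", blob, 4)
    # Check 1: fixed ceiling, applied before any loop or allocation
    # whose size depends on the attacker-controlled count.
    if bands > max_bands:
        raise InvalidHeader("band count %d exceeds limit %d" % (bands, max_bands))
    # Check 2: the count must be backed by bytes actually present.
    if 8 + 4 * bands > len(blob):
        raise InvalidHeader("band count %d needs more data than supplied" % bands)
    return [struct.unpack_from("<I", blob, 8 + 4 * i)[0] for i in range(bands)]


def is_accepted(blob):
    """Return True if the header parses, False if it is rejected."""
    try:
        read_band_colors(blob)
        return True
    except InvalidHeader:
        return False


# Constructed sample inputs (not real FPX data).
GOOD = struct.pack("<II3I", 0, 3, 10, 20, 30)      # 3 bands, 3 values
HUGE_COUNT = struct.pack("<II", 0, 0xFFFFFFFF)     # maximal 32-bit count
TRUNCATED = struct.pack("<III", 0, 3, 10)          # claims 3 bands, has 1

if __name__ == "__main__":
    for name, blob in [("good", GOOD), ("huge", HUGE_COUNT), ("truncated", TRUNCATED)]:
        print(name, "accepted" if is_accepted(blob) else "rejected")
```
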
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer
For Debian 8 Jessie, these problems have been fixed in version
We recommend that you upgrade your pillow packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS