BD returning CVE-2015-5097.Gen for python package (Pillow 9.0.1)

Over the past month, BD has been returning a false positive for a standard file included within a package underlying Python (specifically Pillow 9.0.1).

It appears that the issue is that Pillow 9.0.1 fixes a previous vulnerability; however, Bitdefender is still flagging a crash file as CVE-2015-5097.Gen.

I have done some research and found that Bitdefender in particular is flagging this file, whereas other malware protection providers do not flag it. This is causing problems with me using Python and any usual data science dependencies, such as pandas, numpy, scipy, etc.

Lastly, despite excluding the local folder where the "offending" file is located (/opt/miniconda3), it is still being flagged in my backups, where I have already turned off Time Machine Protection.

Is this a known issue, and how do I resolve it?
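One check worth running before filing a false-positive report is whether the flagged file is byte-for-byte what the package shipped. The following is an added example, not code from the original post, from Pillow or from Bitdefender: it looks up a file in the installed package's `.dist-info/RECORD` manifest (the `path,sha256=<digest>,size` format that pip writes for wheel installs) and compares the on-disk hash with the recorded one. It assumes the package was installed by pip so that a RECORD file exists; the distribution name `examplepkg`, the path `examplepkg/fixtures/crash-sample.bin` and the file contents in the demo tree are constructed for the example and are not Pillow's actual layout.

```python
"""Check a file an antivirus flagged inside a pip-installed package against
the package's own .dist-info/RECORD manifest (PEP 376 / PEP 427).

RECORD lists every installed file as:  path,sha256=<urlsafe-b64 digest>,size
If the flagged file matches its entry it is exactly what the wheel shipped
(for instance a crash-test fixture), which supports treating the hit as a
false positive; a mismatch means the file was altered after install.
"""
import base64
import csv
import hashlib
import tempfile
from pathlib import Path
from typing import Optional


def record_hash(path: Path) -> str:
    """Digest in RECORD notation: 'sha256=' + urlsafe base64 without '=' padding."""
    digest = hashlib.sha256(path.read_bytes()).digest()
    return "sha256=" + base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def find_record(site_packages: Path, dist_name: str) -> Optional[Path]:
    """Locate <dist_name>-<version>.dist-info/RECORD under site_packages."""
    matches = sorted(site_packages.glob(f"{dist_name}-*.dist-info/RECORD"))
    return matches[0] if matches else None


def verify_file(site_packages: Path, dist_name: str, rel_path: str) -> str:
    """Compare one installed file with its RECORD entry.

    Returns one of:
      'match'         - file bytes hash to the recorded digest
      'mismatch'      - file exists but its hash differs from RECORD
      'unhashed'      - RECORD lists the path without a digest (RECORD itself does this)
      'not-in-record' - RECORD has no entry for this path
      'no-record'     - no RECORD found for dist_name
    """
    record = find_record(site_packages, dist_name)
    if record is None:
        return "no-record"
    with record.open(newline="", encoding="utf-8") as fh:
        for row in csv.reader(fh):
            if len(row) < 2 or row[0] != rel_path:
                continue
            if not row[1]:
                return "unhashed"
            actual = record_hash(site_packages / rel_path)
            return "match" if actual == row[1] else "mismatch"
    return "not-in-record"


def build_demo_tree(root: Path) -> Path:
    """Constructed sample data: a fake site-packages holding one distribution
    ('examplepkg', a stand-in, not Pillow) whose RECORD covers a binary
    fixture file. Returns the site-packages path."""
    sp = root / "site-packages"
    fixture_rel = "examplepkg/fixtures/crash-sample.bin"
    fixture = sp / fixture_rel
    fixture.parent.mkdir(parents=True)
    fixture.write_bytes(b"MM\x00*" + b"\x00" * 64)  # constructed bytes, not a real image
    dist_info = sp / "examplepkg-1.0.0.dist-info"
    dist_info.mkdir()
    rows = [
        (fixture_rel, record_hash(fixture), str(fixture.stat().st_size)),
        ("examplepkg-1.0.0.dist-info/RECORD", "", ""),  # RECORD never hashes itself
    ]
    with (dist_info / "RECORD").open("w", newline="", encoding="utf-8") as fh:
        csv.writer(fh).writerows(rows)
    return sp


if __name__ == "__main__":
    # Against a real install you would pass the interpreter's site-packages
    # directory (e.g. from `python -c "import site; print(site.getsitepackages())"`),
    # the distribution name, and the flagged file's path relative to it.
    with tempfile.TemporaryDirectory() as tmp:
        sp = build_demo_tree(Path(tmp))
        print(verify_file(sp, "examplepkg", "examplepkg/fixtures/crash-sample.bin"))
```

A `match` tells you the file is unmodified since install; it does not by itself prove the file is harmless, but it rules out post-install tampering and gives the vendor a concrete hash to work from when you submit the sample.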

Comments

  • Hello @breaksfr and welcome to the Community!

    I appreciate your comprehensive description of the issue. First, we need to determine if the flagging occurs in general, or if this is a specific case. I would recommend submitting the file to the Bitdefender Labs by using the form below:

    This way, if no vulnerability concerns are found, the security engineers will be able to remove the detection.

    Best regards.

    Premium Security & Bitdefender Endpoint Security Tools user

  • Same error in my Windows environment when I use the standard command 'pip install easyocr'.