5
CVSSv2

CVE-2014-3589

Published: 25/08/2014 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow prior to 2.3.2 and 2.5.x prior to 2.5.2 allows remote malicious users to cause a denial of service via a crafted block size.

Vulnerable Product Search on Vulmon Subscribe to Product

debian python-imaging -

python pillow 2.3.0

python pillow

python pillow 2.5.0

python pillow 2.5.1

python pillow 2.5.2

opensuse opensuse 13.2

Vendor Advisories

Debian Bug report logs - #758772 CVE-2014-3589 Package: src:pillow; Maintainer for src:pillow is Matthias Klose <doko@debianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 21 Aug 2014 06:45:01 UTC Severity: important Tags: security Fixed in version pillow/253-1 Done: Matthias Klose <doko@deb ...
Python Imaging Libary could be made to crash if it received specially crafted input or opened a specially crafted file ...
Pillow could be made to crash if it received specially crafted input or opened a specially crafted file ...
USN-3090-1 fixed vulnerabilities in Pillow The patch to fix CVE-2014-9601 caused a regression which resulted in failures when processing certain png images This update temporarily reverts the security fix for CVE-2014-9601 pending further investigation ...