CVE-2014-3589

Published: 25/08/2014 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow prior to 2.3.2 and 2.5.x prior to 2.5.2 allows remote malicious users to cause a denial of service via a crafted block size.

Vulnerable Product

python pillow 2.5.2

python pillow 2.5.1

python pillow

python pillow 2.3.0

debian python-imaging -

python pillow 2.5.0

opensuse opensuse 13.2

Vendor Advisories

Debian Bug report logs - #758772: CVE-2014-3589. Package: src:pillow; Maintainer for src:pillow is Matthias Klose <doko@debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Thu, 21 Aug 2014 06:45:01 UTC; Severity: important; Tags: security; Fixed in version pillow/2.5.3-1; Done: Matthias Klose <doko@deb ...
USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601 caused a regression which resulted in failures when processing certain png images. This update temporarily reverts the security fix for CVE-2014-9601 pending further investigation ...
Pillow could be made to crash if it received specially crafted input or opened a specially crafted file ...
Python Imaging Library could be made to crash if it received specially crafted input or opened a specially crafted file ...