CVE-2014-9601

Published: 16/01/2015 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Pillow prior to 2.7.0 allows remote malicious users to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.

Vulnerable Product

python pillow

oracle solaris 11.2

fedoraproject fedora 21

opensuse opensuse 13.2

Vendor Advisories

Debian Bug report logs - #776303 pillow: CVE-2014-9601. Package: src:pillow; Maintainer for src:pillow is Matthias Klose <doko@debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 26 Jan 2015 13:21:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Fixed in version pillow/2.6.1-2 ...
USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601 caused a regression which resulted in failures when processing certain PNG images. This update temporarily reverts the security fix for CVE-2014-9601 pending further investigation ...
Several security issues were fixed in the Python Imaging Library ...
Pillow could be made to crash if it received specially crafted input or opened a specially crafted file ...
Several security issues were fixed in Pillow ...
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed (CVE-2014-9601). Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue ...
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed ...