Pillow denial of service via Crafted Block Size

GHSA-cfmr-38g9-f2h7 · CVE-2014-3589 · PYSEC-2014-10

Published May 14, 2022 · Modified Oct 8, 2024

Description

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-3589
WEB https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
WEB https://github.com/python-pillow/Pillow/commit/5efeed77666bfd17708f3434b1d2daa9db1e1335
WEB https://github.com/python-pillow/Pillow/commit/d47611e6fbb808ea109366781dd76559ffb80bcd
WEB https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-10.yaml
PACKAGE https://github.com/python-pillow/Pillow
WEB https://pypi.python.org/pypi/Pillow/2.3.2
WEB https://pypi.python.org/pypi/Pillow/2.5.2
WEB http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
WEB http://www.debian.org/security/2014/dsa-3009

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes