Skip to content

Pillow denial of service via Crafted Block Size

Moderate severity GitHub Reviewed Published May 14, 2022 to the GitHub Advisory Database • Updated Aug 16, 2023

Package

pip pillow (pip)

Affected versions

< 2.3.2
>= 2.5, < 2.5.2

Patched versions

2.3.2
2.5.2

Description

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

References

Published by the National Vulnerability Database Aug 25, 2014
Published to the GitHub Advisory Database May 14, 2022
Last updated Aug 16, 2023
Reviewed Aug 16, 2023

Severity

Moderate

Weaknesses

CVE ID

CVE-2014-3589

GHSA ID

GHSA-cfmr-38g9-f2h7

Source code

No known source code
Checking history
See something to contribute? Suggest improvements for this vulnerability.