CVE-2014-3589: Pillow denial of service via Crafted Block Size
(updated )
PIL/IcnsImagePlugin.py
in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
References
- github.com/advisories/GHSA-cfmr-38g9-f2h7
- github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-10.yaml
- github.com/python-pillow/Pillow
- github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
- github.com/python-pillow/Pillow/commit/5efeed77666bfd17708f3434b1d2daa9db1e1335
- github.com/python-pillow/Pillow/commit/d47611e6fbb808ea109366781dd76559ffb80bcd
- nvd.nist.gov/vuln/detail/CVE-2014-3589
- pypi.python.org/pypi/Pillow/2.3.2
- pypi.python.org/pypi/Pillow/2.5.2
Detect and mitigate CVE-2014-3589 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →