CVE-2014-9601: Pillow denial of service via PNG bomb
(updated )
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
References
- github.com/advisories/GHSA-h5rf-vgqx-wjv2
- github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2015-16.yaml
- github.com/python-pillow/Pillow
- github.com/python-pillow/Pillow/pull/1060
- nvd.nist.gov/vuln/detail/CVE-2014-9601
- web.archive.org/web/20200227221255/http://www.securityfocus.com/bid/77758
- www.djangoproject.com/weblog/2015/jan/02/pillow-security-release
Detect and mitigate CVE-2014-9601 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →