CVE-2014-3589 — Improper Input Validation in Pillow

CWE-20 — Improper Input Validation CWE-835 — Infinite Loop15 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

1.4%

top 19.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python Pillow Opensuse

Timeline

PublishedAug 25

Latest updateMay 14

Description

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶PyPIpython/pillow2.5 — 2.5.2+1

▶Debianpython/pillow< 2.5.3-1+3

▶Ubuntupython/pillow< 2.3.0-1ubuntu3.3+1

▶NVDpython/pillow2.3.1+4

▶NVDopensuse/opensuse13.2

Patches

Patch: github.com ↗Patch: pypi.python.org ↗Patch: pypi.python.org ↗

🔴Vulnerability Details

OSV

Pillow denial of service via Crafted Block Size↗2022-05-14

▶

GHSA

Pillow denial of service via Crafted Block Size↗2022-05-14

▶

OSV

Pillow regression↗2016-09-30

▶

OSV

Pillow vulnerabilities↗2016-09-27

▶

OSV

CVE-2014-3589: PIL/IcnsImagePlugin↗2014-08-25

▶

📋Vendor Advisories

Ubuntu

Pillow regresssion↗2016-09-30

▶

Ubuntu

Pillow vulnerabilities↗2016-09-27

▶

Ubuntu

Python Imaging Library vulnerabilities↗2016-09-15

▶

Red Hat

python-imaging: DoS in IcnsImagePlugin↗2014-08-13

▶

Debian

CVE-2014-3589: pillow - PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 a...↗2014

▶

💬Community

Bugzilla

CVE-2014-3589 python26-imaging: python-pillow: DoS in IcnsImagePlugin [epel-5]↗2014-11-10

▶

Bugzilla

CVE-2014-3589 python-pillow: DoS in IcnsImagePlugin [fedora-all]↗2014-08-16

▶

Bugzilla

CVE-2014-3589 python-pillow, python-imaging: DoS in IcnsImagePlugin↗2014-08-16

▶