cbcvebase.
CVE-2014-3598
published 2015-05-01

CVE-2014-3598: The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

medium5CVSS 3.1
AVNACLAuNCNINAP
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

Affected

8 ranges
VendorProductVersion rangeFixed in
debianpillow< pillow 2.5.3-1 (bookworm)pillow 2.5.3-1 (bookworm)
opensuseopensuse
pythonpillow<= 2.5.2
pythonpillow>= 0 < 2.5.3-12.5.3-1
pythonpillow>= 0 < 2.5.3-12.5.3-1
pythonpillow>= 0 < 2.5.3-12.5.3-1
pythonpillow>= 0 < 2.5.3-12.5.3-1
pythonpillow>= 0 < 2.5.32.5.3

CVSS provenance

nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM