CVE-2014-3598: Infinite Loop in Pillow

Severity: 5.0 MEDIUM (NVD)
EPSS: 0.4% (top 39.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 1
Latest update: May 14

Description

The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (4 packages)

PyPI: python/pillow < 2.5.3
Debian: python/pillow < 2.5.3-1+3
NVD: python/pillow 2.5.2

🔴 Vulnerability Details (4)

GHSA: Pillow is vulnerable to Denial of Service (DoS) in the Jpeg2KImagePlugin (2022-05-14)
OSV: Pillow is vulnerable to Denial of Service (DoS) in the Jpeg2KImagePlugin (2022-05-14)
CVEList: CVE-2014-3598: The Jpeg2KImagePlugin plugin in Pillow before 2 (2015-05-01)
OSV: CVE-2014-3598: The Jpeg2KImagePlugin plugin in Pillow before 2 (2015-05-01)

📋 Vendor Advisories (2)

Red Hat: python-pillow: Jpeg2KImagePlugin infinite loop DoS (2014-09-01)
Debian: CVE-2014-3598: pillow - The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to c... (2014)

💬 Community (1)

Bugzilla: CVE-2014-3598 python-pillow: Jpeg2KImagePlugin infinite loop DoS (2014-11-12)