CVE-2014-9601
published 2015-01-16CVE-2014-9601: Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is…
medium5CVSS 3.1
AVNACLAuNCNINAP
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pillow | < pillow 2.6.1-2 (bookworm) | pillow 2.6.1-2 (bookworm) |
| fedoraproject | fedora | — | — |
| opensuse | opensuse | — | — |
| oracle | solaris | — | — |
| python | pillow | <= 2.6.2 | — |
| python | pillow | >= 0 < 2.6.1-2 | 2.6.1-2 |
| python | pillow | >= 0 < 2.6.1-2 | 2.6.1-2 |
| python | pillow | >= 0 < 2.6.1-2 | 2.6.1-2 |
| python | pillow | >= 0 < 2.6.1-2 | 2.6.1-2 |
| python | pillow | >= 0 < 2.7.0 | 2.7.0 |
| python | pillow | >= 0 < 2.3.0-1ubuntu3.3 | 2.3.0-1ubuntu3.3 |
| python | pillow | >= 0 < 2.3.0-1ubuntu3.2 | 2.3.0-1ubuntu3.2 |
| python | pillow | >= 0 < 2.3.0-1ubuntu3.4 | 2.3.0-1ubuntu3.4 |
| python | pillow | >= 0 < 3.1.2-0ubuntu1.1 | 3.1.2-0ubuntu1.1 |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM