CVE-2014-3589

Published: 25 August 2014

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

Priority

Low

Status

Package Release Status
pillow
Launchpad, Ubuntu, Debian
Upstream
Released (2.5.3-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(2.7.0-1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.3.0-1ubuntu3.2)
Patches:
Upstream: https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
python-imaging
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist