ALT-PU-2015-2857-1 — python-module-Pillow

CVE-2014-3589

MEDIUM5.0

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

Published: 2014-08-25Modified: 2025-04-12

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References

CVE-2014-3598

MEDIUM5.0

The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

Published: 2015-05-01Modified: 2025-04-12

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References

CVE-2014-9601

MEDIUM5.0

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.

Published: 2015-01-16Modified: 2025-04-12

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References

GHSA-cfmr-38g9-f2h7

HIGH8.7

Pillow denial of service via Crafted Block Size

Published: 2022-05-14Modified: 2024-10-08

CVSS 3.xHIGH 8.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 4.0HIGH 8.7

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

GHSA-h5rf-vgqx-wjv2

HIGH8.7

Pillow denial of service via PNG bomb

Published: 2022-05-14Modified: 2024-10-09

CVSS 3.xHIGH 8.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 4.0HIGH 8.7

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

GHSA-j6f7-g425-4gmx

HIGH8.7

Pillow is vulnerable to Denial of Service (DOS) in the Jpeg2KImagePlugin

Published: 2022-05-14Modified: 2024-10-09

CVSS 3.xHIGH 8.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 4.0HIGH 8.7

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

Package update python-module-Pillow in branch sisyphus

Closed issues (6)

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.

Pillow denial of service via Crafted Block Size

Pillow denial of service via PNG bomb

Pillow is vulnerable to Denial of Service (DOS) in the Jpeg2KImagePlugin