CVE-2014-9601
Published: 16 January 2015
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
Priority
Status
Package | Release | Status |
---|---|---|
pillow (Launchpad, Ubuntu, Debian) | lucid | Does not exist |
pillow | precise | Does not exist |
pillow | trusty | Released (2.3.0-1ubuntu3.4) |
pillow | upstream | Released (2.7.0) |
pillow | utopic | Ignored (end of life) |
pillow | vivid | Not vulnerable (2.7.0-1) |
pillow | wily | Not vulnerable (2.7.0-1) |
pillow | xenial | Not vulnerable (2.7.0-1) |
pillow | yakkety | Not vulnerable (2.7.0-1) |

Patches: upstream: https://github.com/python-pillow/Pillow/commit/b3e09122e527ae554eb590741bbd7611d5710e40

Package | Release | Status |
---|---|---|
python-imaging (Launchpad, Ubuntu, Debian) | precise | Released (1.1.7-4ubuntu0.12.04.3) |
python-imaging | trusty | Does not exist |
python-imaging | upstream | Needs triage |
python-imaging | xenial | Does not exist |
python-imaging | yakkety | Does not exist |

References
- https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release/
- https://github.com/python-pillow/Pillow/pull/1060
- http://pillow.readthedocs.org/releasenotes/2.7.0.html
- https://ubuntu.com/security/notices/USN-3090-2
- https://ubuntu.com/security/notices/USN-3090-1
- https://ubuntu.com/security/notices/USN-3230-1
- https://ubuntu.com/security/notices/USN-3229-1
- https://www.cve.org/CVERecord?id=CVE-2014-9601
- NVD
- Launchpad
- Debian