—
PYSEC-2014-10
Details
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / pillow
Introduced in:
0 Fixed in: 205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d Fix
pip install --upgrade 'pillow>=205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d' References
- https://pypi.python.org/pypi/Pillow/2.5.2 [WEB]
- https://pypi.python.org/pypi/Pillow/2.3.2 [WEB]
- http://www.debian.org/security/2014/dsa-3009 [ADVISORY]
- https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d [FIX]
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html [WEB]
- http://secunia.com/advisories/59825 [ADVISORY]