Improper input validation in Python Pillow

CVE-2014-3589

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.014 (80.7th percentile) — read the EPSS interpretation.

Affected products

Python Pillow — versions 2.3.0, 2.5.0, 2.5.1
Debian Python-imaging
Opensuse — versions 13.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

secalert@redhat.com (x_refsource_CONFIRM, Patch)
openSUSE-SU-2015:0798 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
DSA-3009 (vendor-advisory, x_refsource_DEBIAN)
59825 (x_refsource_SECUNIA, third-party-advisory)