CVE-2014-9601

medium

Description

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148442.html

http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html

http://pillow.readthedocs.org/releasenotes/2.7.0.html

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.securityfocus.com/bid/77758

https://github.com/python-pillow/Pillow/pull/1060

https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release/

Details

Source: MITRE

Published: 2015-01-16

Updated: 2018-10-30

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
151376 | EulerOS Virtualization 3.0.2.2 : python-pillow (EulerOS-SA-2021-2163) | Nessus | Huawei Local Security Checks | medium
148071 | EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2021-1702) | Nessus | Huawei Local Security Checks | high
147492 | EulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2021-1383) | Nessus | Huawei Local Security Checks | high
147468 | EulerOS Virtualization 3.0.2.6 : python-pillow (EulerOS-SA-2021-1421) | Nessus | Huawei Local Security Checks | high
147028 | EulerOS Virtualization 3.0.6.6 : python-pillow (EulerOS-SA-2021-1515) | Nessus | Huawei Local Security Checks | high
132189 | EulerOS 2.0 SP3 : python-pillow (EulerOS-SA-2019-2654) | Nessus | Huawei Local Security Checks | high
131591 | EulerOS 2.0 SP2 : python-pillow (EulerOS-SA-2019-2437) | Nessus | Huawei Local Security Checks | high
97723 | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : pillow vulnerabilities (USN-3230-1) | Nessus | Ubuntu Local Security Checks | high
97722 | Ubuntu 12.04 LTS : python-imaging vulnerabilities (USN-3229-1) | Nessus | Ubuntu Local Security Checks | high
93827 | Ubuntu 14.04 LTS : Pillow regression (USN-3090-2) | Nessus | Ubuntu Local Security Checks | medium
93775 | Ubuntu 14.04 LTS : Pillow vulnerabilities (USN-3090-1) | Nessus | Ubuntu Local Security Checks | medium
83160 | openSUSE Security Update : python-Pillow (openSUSE-2015-337) | Nessus | SuSE Local Security Checks | medium
82352 | Mandriva Linux Security Advisory : python-pillow (MDVSA-2015:099) | Nessus | Mandriva Local Security Checks | critical
80896 | Fedora 21 : python-pillow-2.6.1-2.fc21 (2015-0667) | Nessus | Fedora Local Security Checks | medium