{"id":"PYSEC-2014-10","details":"PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.","aliases":["CVE-2014-3589","GHSA-cfmr-38g9-f2h7"],"modified":"2023-11-01T05:30:13.617798Z","published":"2014-08-25T14:55:00Z","references":[{"type":"WEB","url":"https://pypi.python.org/pypi/Pillow/2.5.2"},{"type":"WEB","url":"https://pypi.python.org/pypi/Pillow/2.3.2"},{"type":"ADVISORY","url":"http://www.debian.org/security/2014/dsa-3009"},{"type":"FIX","url":"https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/59825"}],"affected":[{"package":{"name":"pillow","ecosystem":"PyPI","purl":"pkg:pypi/pillow"},"ranges":[{"type":"GIT","repo":"https://github.com/python-pillow/Pillow","events":[{"introduced":"0"},{"fixed":"205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.2"},{"introduced":"2.5"},{"fixed":"2.5.2"}]}],"versions":["1.0","1.1","1.2","1.3","1.4","1.5","1.6","1.7.0","1.7.1","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.7.7","1.7.8","2.0.0","2.1.0","2.2.0","2.2.1","2.2.2","2.3.0","2.3.1","2.5.0","2.5.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2014-10.yaml"}}],"schema_version":"1.7.3"}