{"id":"UBUNTU-CVE-2014-9601","details":"Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.","modified":"2026-01-30T00:28:49.460171Z","published":"2015-01-16T00:00:00Z","related":["USN-3090-1","USN-3090-2","USN-3229-1","USN-3230-1"],"upstream":["CVE-2014-9601"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-9601"},{"type":"REPORT","url":"https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release/"},{"type":"REPORT","url":"https://github.com/python-pillow/Pillow/pull/1060"},{"type":"REPORT","url":"http://pillow.readthedocs.org/releasenotes/2.7.0.html"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3090-2"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3090-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3230-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3229-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2014-9601"}],"affected":[{"package":{"name":"pillow","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/pillow@2.3.0-1ubuntu3.4?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.0-1ubuntu3.4"}]}],"versions":["2.2.1-1ubuntu2","2.2.1-2ubuntu1","2.2.1-3ubuntu2","2.2.1-3ubuntu3","2.2.1-3ubuntu4","2.2.1-3ubuntu6","2.3.0-1ubuntu1","2.3.0-1ubuntu2","2.3.0-1ubuntu3","2.3.0-1ubuntu3.2","2.3.0-1ubuntu3.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.3.0-1ubuntu3.4","binary_name":"python-imaging"},{"binary_version":"2.3.0-1ubuntu3.4","binary_name":"python-imaging-compat"},{"binary_version":"2.3.0-1ubuntu3.4","binary_name":"python-imaging-sane"},{"binary_version":"2.3.0-1ubuntu3.4","binary_name":"python-imaging-tk"},{"binary_version":"2.3.0-1ubuntu3.4","binary_name":"python-pil"},{"binary_version":"2.3.0-1ubuntu3.4","binary_name":"python-pil.imagetk"},{"binary_version":"2.3.0-1ubuntu3.4","binary_name":"python-sane"},{"binary_version":"2.3.0-1ubuntu3.4","binary_name":"python3-imaging"},{"binary_version":"2.3.0-1ubuntu3.4","binary_name":"python3-imaging-sane"},{"binary_version":"2.3.0-1ubuntu3.4","binary_name":"python3-imaging-tk"},{"binary_version":"2.3.0-1ubuntu3.4","binary_name":"python3-pil"},{"binary_version":"2.3.0-1ubuntu3.4","binary_name":"python3-pil.imagetk"},{"binary_version":"2.3.0-1ubuntu3.4","binary_name":"python3-sane"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-9601.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"low"}]}