Main Vulnerability Database SB2015031806

SB2015031806 - Input validation error in py-pillow (Alpine package)

Published: March 18, 2015

Security Bulletin ID SB2015031806

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2014-9601)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=4a8c95892c6165335cf1597d8c0e7e7e577706f3
https://git.alpinelinux.org/aports/commit/?id=6a2c70aa7830dd613e8e5de79fbbc98715795f90