Lucene search

K

GoogleOSV:GHSA-CFMR-38G9-F2H7

HistoryMay 14, 2022 - 2:05 a.m.

Pillow denial of service via Crafted Block Size

2022-05-1402:05:20

Google

osv.dev

7

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.017 Low

EPSS

Percentile

87.7%

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

CPENameOperatorVersion
pilloweq1.5
pilloweq1.7.2
pilloweq1.7.7
pilloweq1.1
pilloweq1.7.6
pilloweq1.7.4
pilloweq2.2.1
pilloweq2.3.1
pilloweq1.7.1
pilloweq1.7.0

Rows per page:

1-10 of 251

References

lists.opensuse.org/opensuse-updates/2015-04/msg00056.html

www.debian.org/security/2014/dsa-3009

github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d

github.com/python-pillow/Pillow/commit/5efeed77666bfd17708f3434b1d2daa9db1e1335

github.com/python-pillow/Pillow/commit/d47611e6fbb808ea109366781dd76559ffb80bcd

nvd.nist.gov/vuln/detail/CVE-2014-3589

pypi.python.org/pypi/Pillow/2.3.2

pypi.python.org/pypi/Pillow/2.5.2

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.017 Low

EPSS

Percentile

87.7%

Related for OSV:GHSA-CFMR-38G9-F2H7

openvas16 debian2 github1 nessus16 prion1 ubuntucve1 mageia1 osv2 cve1 securityvulns4 debiancve1 cvelist1 fedora4 ubuntu3