2 matches found
CVE-2014-9601
CVE-2014-9601 affects the Pillow library (Python Imaging Library) prior to 2.7.0. A crafted PNG image containing a large compressed text chunk can cause a denial of service when decompressed, due to resource exhaustion. The connected advisories and entries (e.g., Pillow 2.7.0 release notes and re...
CVE-2014-3598
CVE-2014-3598 affects the Python Pillow library. The vulnerability is in the Jpeg2KImagePlugin and is exploitable via a crafted image, allowing a denial-of-service condition. It concerns Pillow versions before 2.5.3; upgrading to 2.5.3 or newer mitigates the issue (per linked advisories and CVE r...