Python Imaging Library and Pillow 'PIL/IcnsImagePlugin.py' Remote Denial of Service Vulnerability
BID:69352
Info
| Bugtraq ID: | 69352 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2014-3589 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 07 2014 12:00AM |
| Updated: | Sep 28 2016 09:01AM |
| Credit: | Andrew Drake of Dropbox |
| Vulnerable: | Ubuntu Ubuntu Linux 14.04 LTS; python Python Imaging Library 1.1.7; python Pillow 2.5.1; python Pillow 2.3.1; Mandriva Business Server 1 X86 64; Mandriva Business Server 1; Debian Linux 6.0 sparc; Debian Linux 6.0 s/390; Debian Linux 6.0 powerpc; Debian Linux 6.0 mips; Debian Linux 6.0 ia-64; Debian Linux 6.0 ia-32; Debian Linux 6.0 arm; Debian Linux 6.0 amd64 |
| Not Vulnerable: | python Pillow 2.5.2; python Pillow 2.3.2 |
Discussion
Python Imaging Library and Pillow are prone to a remote denial-of-service vulnerability.
An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Mandriva Business Server 1 X86 64
- Mandriva python-imaging-1.1.7-6.2.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva python-imaging-devel-1.1.7-6.2.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/
References
References:
- Bug 1130711 - (CVE-2014-3589) CVE-2014-3589 python-pillow: DoS in IcnsImagePlugi (Red Hat Bugzilla)
- Icns DOS fix -- CVE-2014-3589 (wiredfool)
- Pillow 2.3.2 Changelog (Python Software Foundation)
- Pillow 2.5.2 Changelog (Python Software Foundation)
- Pillow Homepage (Python)
- Python Imaging Library (PIL) Homepage (Python)