USN-3090-1: Pillow vulnerabilities
USN-3090-1: Pillow vulnerabilities Ubuntu Security Notice USN-3090-1 27th September, 2016 Pillow vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Pillow could be made to crash if it received specially crafted input or opened a specially crafted file. Software description pillow – Python Imaging Library compatibility layer Details It was discovered that a flaw in processing a compressed text chunk ina PNG image could cause the image to have a large size when decompressed,potentially leading to a denial of service. (CVE-2014-9601) Andrew Drake discovered that Pillow incorrectly validated input. A remoteattacker could use this to cause Pillow to crash, resulting in a denialof service. (CVE-2014-3589) Eric Soroos discovered that Pillow incorrectly handled certain malformedFLI, Tiff, and PhotoCD files. A remote attacker could use this issue tocause Pillow to crash, resulting in a denial [ more… ]