High severityNVD Advisory· Published Aug 25, 2014· Updated Jun 17, 2026
CVE-2014-3589
CVE-2014-3589
Description
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pillowPyPI | < 2.3.2 | 2.3.2 |
pillowPyPI | >= 2.5, < 2.5.2 | 2.5.2 |
Affected products
14- cpe:2.3:a:debian:python-imaging:-:*:*:*:*:*:*:*
cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*range: <=2.3.1
- cpe:2.3:a:python:pillow:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*
- ghsa-coords7 versionspkg:pypi/pillowpkg:rpm/opensuse/python-Pillow&distro=openSUSE%20Tumbleweedpkg:rpm/suse/calamari-clients&distro=SUSE%20Enterprise%20Storage%201.0pkg:rpm/suse/ceph-deploy&distro=SUSE%20Enterprise%20Storage%201.0pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%201.0pkg:rpm/suse/python-djangorestframework&distro=SUSE%20Enterprise%20Storage%201.0pkg:rpm/suse/python-Pillow&distro=SUSE%20Enterprise%20Storage%201.0
< 2.3.2+ 6 more
- (no CPE)range: < 2.3.2
- (no CPE)range: < 3.4.2-1.1
- (no CPE)range: < 1.2.2+git.1428648634.40dfe5b-3.1
- (no CPE)range: < 1.5.19+git.1431355031.6178cf3-9.1
- (no CPE)range: < 0.80.9-5.1
- (no CPE)range: < 2.3.12-4.2
- (no CPE)range: < 2.7.0-4.1
Patches
Vulnerability mechanics
References
11- github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7dnvdPatchWEB
- pypi.python.org/pypi/Pillow/2.3.2nvdPatchWEB
- pypi.python.org/pypi/Pillow/2.5.2nvdPatchWEB
- github.com/advisories/GHSA-cfmr-38g9-f2h7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-3589ghsaADVISORY
- lists.opensuse.org/opensuse-updates/2015-04/msg00056.htmlnvdWEB
- www.debian.org/security/2014/dsa-3009nvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-10.yamlghsaWEB
- github.com/python-pillow/Pillow/commit/5efeed77666bfd17708f3434b1d2daa9db1e1335ghsaWEB
- github.com/python-pillow/Pillow/commit/d47611e6fbb808ea109366781dd76559ffb80bcdghsaWEB
- secunia.com/advisories/59825nvd
News mentions
0No linked articles in our index yet.