High severityNVD Advisory· Published Aug 25, 2014· Updated May 6, 2026

CVE-2014-3589

Description

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
pillowPyPI	< 2.3.2	2.3.2
pillowPyPI	>= 2.5, < 2.5.2	2.5.2

Affected products

Debian/Python Imaging
cpe:2.3:a:debian:python-imaging:-:*:*:*:*:*:*:*
Python (programming language)/Pillow5 versions
cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*range: <=2.3.1
- cpe:2.3:a:python:pillow:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7dnvdPatchWEB
pypi.python.org/pypi/Pillow/2.3.2nvdPatchWEB
pypi.python.org/pypi/Pillow/2.5.2nvdPatchWEB
github.com/advisories/GHSA-cfmr-38g9-f2h7ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2014-3589ghsaADVISORY
lists.opensuse.org/opensuse-updates/2015-04/msg00056.htmlnvdWEB
www.debian.org/security/2014/dsa-3009nvdWEB
github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-10.yamlghsaWEB
github.com/python-pillow/Pillow/commit/5efeed77666bfd17708f3434b1d2daa9db1e1335ghsaWEB
github.com/python-pillow/Pillow/commit/d47611e6fbb808ea109366781dd76559ffb80bcdghsaWEB
secunia.com/advisories/59825nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000