High severity · NVD Advisory · Published May 1, 2015 · Updated Jun 17, 2026
CVE-2014-3598
Description
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pillow (PyPI) | < 2.5.3 | 2.5.3 |
Affected products (9)
- ghsa-coords, 7 versions (< 2.5.3 + 6 more):
  - pkg:pypi/pillow
  - pkg:rpm/opensuse/python-Pillow&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/calamari-clients&distro=SUSE%20Enterprise%20Storage%201.0
  - pkg:rpm/suse/ceph-deploy&distro=SUSE%20Enterprise%20Storage%201.0
  - pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%201.0
  - pkg:rpm/suse/python-djangorestframework&distro=SUSE%20Enterprise%20Storage%201.0
  - pkg:rpm/suse/python-Pillow&distro=SUSE%20Enterprise%20Storage%201.0
- (no CPE) range: < 2.5.3
- (no CPE) range: < 3.4.2-1.1
- (no CPE) range: < 1.2.2+git.1428648634.40dfe5b-3.1
- (no CPE) range: < 1.5.19+git.1431355031.6178cf3-9.1
- (no CPE) range: < 0.80.9-5.1
- (no CPE) range: < 2.3.12-4.2
- (no CPE) range: < 2.7.0-4.1
References (6)
- github.com/advisories/GHSA-j6f7-g425-4gmx (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2014-3598 (ghsa, ADVISORY)
- pypi.python.org/pypi/Pillow/2.5.3 (nvd, Vendor Advisory, WEB)
- lists.opensuse.org/opensuse-updates/2015-04/msg00056.html (nvd, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2015-15.yaml (ghsa, WEB)
- github.com/python-pillow/Pillow/commit/347a1d8d956f9e64af4463ee25311b60cdd5657d (ghsa, WEB)