High severityNVD Advisory· Published May 1, 2015· Updated May 6, 2026
CVE-2014-3598
CVE-2014-3598
Description
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pillowPyPI | < 2.5.3 | 2.5.3 |
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-j6f7-g425-4gmxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-3598ghsaADVISORY
- pypi.python.org/pypi/Pillow/2.5.3nvdVendor AdvisoryWEB
- lists.opensuse.org/opensuse-updates/2015-04/msg00056.htmlnvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2015-15.yamlghsaWEB
- github.com/python-pillow/Pillow/commit/347a1d8d956f9e64af4463ee25311b60cdd5657dghsaWEB
News mentions
0No linked articles in our index yet.