Debian Security Advisory

DLA-41-1 python-imaging -- LTS security update

Date Reported:
24 Aug 2014
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2014-3589.
More information:

Andrew Drake discovered that missing input sanitising in the icns decoder of the Python Imaging Library could result in denial of service if a malformed image is processed.

For Debian 6 Squeeze, these issues have been fixed in python-imaging version 1.1.7-2+deb6u1