Debian Security Advisory

DLA-41-1 python-imaging -- LTS security update

Date Reported: 24 Aug 2014
Affected Packages: python-imaging
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2014-3589.
More information:

Andrew Drake discovered that missing input sanitising in the icns decoder of the Python Imaging Library could result in denial of service if a malformed image is processed.

For Debian 6 "Squeeze", this issue has been fixed in python-imaging version 1.1.7-2+deb6u1.