Debian Security Advisory
DSA-3009-1 python-imaging -- security update
- Date Reported:
- 21 Aug 2014
- Affected Packages:
- python-imaging
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-3589.
- More information:
-
Andrew Drake discovered that missing input sanitising in the icns decoder of the Python Imaging Library could result in denial of service if a malformed image is processed.
For the stable distribution (wheezy), this problem has been fixed in version 1.1.7-4+deb7u1.
For the unstable distribution (sid), this problem has been fixed in version 2.5.3-1 of the pillow source package.
We recommend that you upgrade your python-imaging packages.