UBUNTU-CVE-2014-9601

Advisory lineage Upstream: 1 Downstream: 3

Upstream

CVE-2014-9601

Downstream

USN-3090-1 USN-3090-2 USN-3230-1

Published: 16 Jan 2015, 00:00

Last modified:04 Feb 2026, 02:52

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 Jan 2015, 00:00

Published

Vulnerability first disclosed

04 Feb 2026, 02:52

Last Modified

Vulnerability information updated

Description

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.

Affected Systems

ubuntu•pillow
< 2.3.0-1ubuntu3.4

References (9)

https://ubuntu.com/security/CVE-2014-9601
https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release/
https://github.com/python-pillow/Pillow/pull/1060
http://pillow.readthedocs.org/releasenotes/2.7.0.html
https://ubuntu.com/security/notices/USN-3090-2
https://ubuntu.com/security/notices/USN-3090-1
https://ubuntu.com/security/notices/USN-3230-1
https://ubuntu.com/security/notices/USN-3229-1
https://www.cve.org/CVERecord?id=CVE-2014-9601