USN-3230-1

Advisory lineage Upstream: 6 Downstream: 0
Published: 13 Mar 2017, 17:04
Last modified:04 Feb 2026, 04:20

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

13 Mar 2017, 17:04
Published
Vulnerability first disclosed
04 Feb 2026, 04:20
Last Modified
Vulnerability information updated

Description

pillow vulnerabilities It was discovered that Pillow incorrectly handled certain compressed text chunks in PNG images. A remote attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9601) Cris Neckar discovered that Pillow incorrectly handled certain malformed images. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2016-9189) Cris Neckar discovered that Pillow incorrectly handled certain malformed images. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9190)

Affected Systems

  • ubuntupillow

    < 2.3.0-1ubuntu3.4 | < 3.1.2-0ubuntu1.1

References (4)