Описание
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| pillow | fixed | 2.6.1-2 | package | |
| python-imaging | removed | package | ||
| python-imaging | no-dsa | wheezy | package | |
| python-imaging | no-dsa | squeeze | package |
Примечания
https://github.com/python-pillow/Pillow/commit/b3e09122e527ae554eb590741bbd7611d5710e40
http://web.archive.org/web/20150921104441/http://pillow.readthedocs.org:80/releasenotes/2.7.0.html#png-text-chunk-size-limits
Связанные уязвимости
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
