[v3.0] py-pillow: potential denial-of-service in PNG decompression code (CVE-2014-9601)
py-pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
CONFIRM: http://pillow.readthedocs.org/releasenotes/2.7.0.html
CONFIRM: https://github.com/python-pillow/Pillow/pull/1060
CONFIRM: https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release/
(from redmine: issue id 4008, created on 2015-03-16, closed on 2015-03-18)
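
A way to check a PNG for the condition described above before handing it to an image library, shown as an added example (not Pillow's code and not the fix from the upstream pull request). It walks the chunk stream and inflates each zTXt/iTXt payload with a hard output cap; the function names, the 1 MiB cap and the sample file are assumptions made for this example.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_TEXT_BYTES = 1 << 20  # assumed per-chunk cap (1 MiB), chosen for this example

def exceeds_limit(stream, limit):
    """True if the zlib stream inflates past limit; buffers at most limit + 1 bytes."""
    try:
        return len(zlib.decompressobj().decompress(stream, limit + 1)) > limit
    except zlib.error:
        return False  # malformed stream, not an oversized one

def compressed_payload(ctype, body):
    """Return the zlib stream inside a zTXt/iTXt chunk body, or None."""
    keyword, sep, rest = body.partition(b"\0")
    if sep and ctype == b"zTXt":
        return rest[1:]  # skip the compression-method byte
    if sep and ctype == b"iTXt" and rest[:1] == b"\x01":  # compression flag set
        fields = rest[2:].split(b"\0", 2)  # language tag, translated keyword, text
        return fields[2] if len(fields) == 3 else None
    return None

def find_oversized_text(png, limit=MAX_TEXT_BYTES):
    """Return [(chunk type, keyword)] for compressed text chunks inflating past limit."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG")
    hits, pos = [], len(PNG_SIGNATURE)
    while pos + 8 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        body = png[pos + 8:pos + 8 + length]
        payload = compressed_payload(ctype, body)
        if payload is not None and exceeds_limit(payload, limit):
            hits.append((ctype.decode("latin-1"), body.split(b"\0", 1)[0].decode("latin-1")))
        pos += 12 + length  # length field + type + data + CRC
    return hits

def make_chunk(ctype, body):  # builds one chunk for the constructed sample below
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed sample: a 1x1 header, a small zTXt chunk and one that inflates to 8 MiB.
SAMPLE = PNG_SIGNATURE + b"".join([
    make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)),
    make_chunk(b"zTXt", b"Comment\0\0" + zlib.compress(b"hello")),
    make_chunk(b"zTXt", b"Big\0\0" + zlib.compress(b"\0" * (8 << 20))),
    make_chunk(b"IEND", b""),
])

print(find_oversized_text(SAMPLE))
```

The cap is enforced by the `max_length` argument of `decompress`, so an oversized chunk is flagged without its full output ever being held in memory.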
- Relations:
  - parent #4007 (closed)
- Changesets:
  - Revision 4a8c9589 by Natanael Copa on 2015-03-18T10:25:44Z:
    main/py-pillow: security upgrade to 2.7.0 (CVE-2014-9601)
    fixes #4008