py-pillow: potential denial-of-service in PNG decompression code (CVE-2014-9601)
py-pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
CONFIRM: http://pillow.readthedocs.org/releasenotes/2.7.0.html
CONFIRM: https://github.com/python-pillow/Pillow/pull/1060
CONFIRM: https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release/
(from redmine: issue id 4007, created on 2015-03-16, closed on 2015-03-18)
- Relations:
- child #4008 (closed)
- child #4009 (closed)
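
A defender-side check for the condition described in this issue, as an added example (not Pillow's code and not part of the original report): it walks a PNG's chunks and inflates each zTXt or compressed iTXt payload under a size cap. The 1 MiB cap, the function names and the sample file are assumptions made for this example.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_TEXT = 1 << 20  # assumed cap: 1 MiB of decompressed text per chunk

def bounded_inflate(data, limit=MAX_TEXT):
    """Inflate at most limit bytes; raise ValueError if the stream holds more."""
    out = zlib.decompressobj().decompress(data, limit + 1)
    if len(out) > limit:
        raise ValueError("decompressed text exceeds limit")
    return out

def scan_text_chunks(png, limit=MAX_TEXT):
    """Return (chunk type, keyword, verdict) for each compressed text chunk."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    results, pos = [], len(PNG_SIG)
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        body = png[pos + 8:pos + 8 + length]
        pos += 12 + length  # length field, type, data, CRC
        keyword, _, rest = body.partition(b"\0")
        if ctype == b"zTXt":
            stream = rest[1:]  # skip the compression-method byte
        elif ctype == b"iTXt" and rest[:1] == b"\x01":  # flag 1 = compressed
            # drop flag and method bytes, language tag, translated keyword
            stream = rest[2:].split(b"\0", 2)[-1]
        else:
            continue
        try:
            bounded_inflate(stream, limit)
            verdict = "ok"
        except ValueError:
            verdict = "too large"
        except zlib.error:
            verdict = "corrupt"
        results.append((ctype.decode(), keyword.decode("latin-1"), verdict))
    return results

def make_chunk(ctype, body):
    crc = struct.pack(">I", zlib.crc32(ctype + body))
    return struct.pack(">I", len(body)) + ctype + body + crc

def build_sample():
    """Constructed file: a small zTXt, then a zTXt and an iTXt of 8 MiB zeros."""
    big = zlib.compress(b"\0" * (8 << 20))
    return (PNG_SIG + make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
            + make_chunk(b"zTXt", b"Comment\0\0" + zlib.compress(b"hello"))
            + make_chunk(b"zTXt", b"Padding\0\0" + big)
            + make_chunk(b"iTXt", b"Notes\0\x01\0en\0\0" + big) + make_chunk(b"IEND", b""))
```

Calling `scan_text_chunks(build_sample())` reports the small chunk as "ok" and both 8 MiB chunks as "too large" without ever holding more than the cap plus one byte of inflated text.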