漏洞类别:Ubuntu
漏洞等级:
漏洞信息
A flaw in processing a compressed text chunk in a PNG image could cause the image to have a large size when decompressed.
It was discovered that Pillow incorrectly validated input.
It was discovered that Pillow incorrectly handled certain malformed FLI, Tiff, and PhotoCD files.
漏洞危害
An attacker could use this issue to cause Pillow to crash, resulting in a denial of service. (CVE-2014-9601)
A remote attacker could use this to cause Pillow to crash, resulting in a denial of service. (CVE-2014-3589)
A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service. (CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)
解决方案
Refer to Ubuntu advisory USN-3090-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3090-1: 14.04 (Kylin) on src (python-imaging)
USN-3090-1: 14.04 (Kylin) on src (python3-pil)
0day
文章评论