Pillow/docs/releasenotes/2.5.2.rst

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

15 lines
330 B
ReStructuredText
Raw Normal View History

2.5.2
-----
Security
========
:cve:`2014-3589`: Fix DOS attack
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2024-03-17 02:17:38 +03:00
``PIL/IcnsImagePlugin.py`` in Pillow before 2.3.2 and
2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted
block size.
2024-03-17 02:17:38 +03:00
Found and reported by Andrew Drake of `Dropbox <https://www.dropbox.com/>`__.