-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pillow | pip | < 2.3.2 | 2.3.2 |
| pillow | pip | >= 2.5, < 2.5.2 | 2.5.2 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from missing input validation in the ICNS image parser. The GitHub patch adds a critical check for 'blocksize <= 0' in IcnsImagePlugin.py's init method, which directly addresses CVE-2014-3589. The unpatched code allowed malicious block sizes to trigger denial of service via invalid memory operations. The function's role in parsing ICNS headers and the explicit fix in this method confirm its vulnerability.
PythonPythonOngoing coverage of React2Shell