CVE-2014-3589 Ubuntu Security Notification for Pillow Vulnerabilities (USN-3090-1)

A flaw in processing a compressed text chunk in a PNG image could cause the image to have a large size when decompressed.

It was discovered that Pillow incorrectly validated input.

It was discovered that Pillow incorrectly handled certain malformed FLI, Tiff, and PhotoCD files.

An attacker could use this issue to cause Pillow to crash, resulting in a denial of service. (CVE-2014-9601)

A remote attacker could use this to cause Pillow to crash, resulting in a denial of service. (CVE-2014-3589)

A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service. (CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)

Refer to Ubuntu advisory USN-3090-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3090-1: 14.04 (Kylin) on src (python-imaging)

USN-3090-1: 14.04 (Kylin) on src (python3-pil)

USN-3090-1: 14.04 (Kylin) on src (python-pil)

USN-3090-1: 14.04 (Kylin) on src (python3-imaging)