Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pillow@2.5
Typepypi
Namespace
Namepillow
Version2.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.1.1
Latest_non_vulnerable_version12.2.0
Affected_by_vulnerabilities
0
url VCID-vz9s-jqpb-2ybf
vulnerability_id VCID-vz9s-jqpb-2ybf
summary PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
1
reference_url http://osvdb.org/show/osvdb/110128
reference_id
reference_type
scores
url http://osvdb.org/show/osvdb/110128
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3589.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3589.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3589
reference_id
reference_type
scores
0
value 0.00808
scoring_system epss
scoring_elements 0.74154
published_at 2026-04-01T12:55:00Z
1
value 0.00808
scoring_system epss
scoring_elements 0.7416
published_at 2026-04-02T12:55:00Z
2
value 0.00808
scoring_system epss
scoring_elements 0.74187
published_at 2026-04-04T12:55:00Z
3
value 0.01389
scoring_system epss
scoring_elements 0.80376
published_at 2026-04-21T12:55:00Z
4
value 0.01389
scoring_system epss
scoring_elements 0.80371
published_at 2026-04-18T12:55:00Z
5
value 0.01389
scoring_system epss
scoring_elements 0.8037
published_at 2026-04-16T12:55:00Z
6
value 0.01389
scoring_system epss
scoring_elements 0.8034
published_at 2026-04-13T12:55:00Z
7
value 0.01389
scoring_system epss
scoring_elements 0.80347
published_at 2026-04-12T12:55:00Z
8
value 0.01389
scoring_system epss
scoring_elements 0.80361
published_at 2026-04-11T12:55:00Z
9
value 0.01389
scoring_system epss
scoring_elements 0.80343
published_at 2026-04-09T12:55:00Z
10
value 0.01389
scoring_system epss
scoring_elements 0.80332
published_at 2026-04-08T12:55:00Z
11
value 0.01389
scoring_system epss
scoring_elements 0.80304
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3589
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3589
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3589
5
reference_url http://seclists.org/bugtraq/2014/Sep/25
reference_id
reference_type
scores
url http://seclists.org/bugtraq/2014/Sep/25
6
reference_url http://secunia.com/advisories/59825
reference_id
reference_type
scores
url http://secunia.com/advisories/59825
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-10.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-10.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
10
reference_url https://github.com/python-pillow/Pillow/commit/5efeed77666bfd17708f3434b1d2daa9db1e1335
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/5efeed77666bfd17708f3434b1d2daa9db1e1335
11
reference_url https://github.com/python-pillow/Pillow/commit/d47611e6fbb808ea109366781dd76559ffb80bcd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/d47611e6fbb808ea109366781dd76559ffb80bcd
12
reference_url https://pypi.python.org/pypi/Pillow/2.3.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.python.org/pypi/Pillow/2.3.2
13
reference_url https://pypi.python.org/pypi/Pillow/2.5.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.python.org/pypi/Pillow/2.5.2
14
reference_url http://www.debian.org/security/2014/dsa-3009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-3009
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1130711
reference_id 1130711
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1130711
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758772
reference_id 758772
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758772
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:python-imaging:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:debian:python-imaging:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:python-imaging:-:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.3.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3589
reference_id CVE-2014-3589
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3589
25
reference_url https://github.com/advisories/GHSA-cfmr-38g9-f2h7
reference_id GHSA-cfmr-38g9-f2h7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cfmr-38g9-f2h7
26
reference_url https://usn.ubuntu.com/3080-1/
reference_id USN-3080-1
reference_type
scores
url https://usn.ubuntu.com/3080-1/
27
reference_url https://usn.ubuntu.com/3090-1/
reference_id USN-3090-1
reference_type
scores
url https://usn.ubuntu.com/3090-1/
fixed_packages
0
url pkg:pypi/pillow@2.5.2
purl pkg:pypi/pillow@2.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-366h-8f99-r7at
3
vulnerability VCID-3qb5-8p8w-gkad
4
vulnerability VCID-3uk9-eds5-rkgc
5
vulnerability VCID-53ac-ceq4-qkhf
6
vulnerability VCID-5rv4-k1q9-zue2
7
vulnerability VCID-64n5-pugj-vue8
8
vulnerability VCID-6gyu-fzpg-c3bn
9
vulnerability VCID-8n2b-wvya-53e1
10
vulnerability VCID-9ckw-ra54-z3b7
11
vulnerability VCID-and9-6jty-pyeq
12
vulnerability VCID-aubw-tsmn-ffcq
13
vulnerability VCID-avx2-mahw-mqes
14
vulnerability VCID-b3au-rcgp-2fag
15
vulnerability VCID-b5a2-83ej-puaw
16
vulnerability VCID-brp2-dtrf-jyfr
17
vulnerability VCID-cas2-jb3y-vyhz
18
vulnerability VCID-d7uf-zdbv-sba1
19
vulnerability VCID-df4x-jt3h-17hx
20
vulnerability VCID-dgds-v95g-pbcv
21
vulnerability VCID-dpc3-td9q-dyee
22
vulnerability VCID-e3gp-zc2b-budg
23
vulnerability VCID-en6t-uxtq-bfek
24
vulnerability VCID-g46h-p8jk-cuhc
25
vulnerability VCID-gvjw-funa-sqak
26
vulnerability VCID-h4x7-7fke-mqgp
27
vulnerability VCID-haum-8zpg-6kgf
28
vulnerability VCID-hmmq-5772-bycm
29
vulnerability VCID-khp6-9hfx-1kge
30
vulnerability VCID-m3tm-h4q9-9yay
31
vulnerability VCID-ma2g-2f8d-dqa9
32
vulnerability VCID-n1hp-atex-ubh4
33
vulnerability VCID-n1w5-f5p7-xuhb
34
vulnerability VCID-p6r3-puh1-zyg6
35
vulnerability VCID-q4bb-qnxe-8bfa
36
vulnerability VCID-qjqr-jyjn-xfh9
37
vulnerability VCID-rncf-9nf8-wud3
38
vulnerability VCID-sns1-ksqr-vbhr
39
vulnerability VCID-stft-hsk9-zfdy
40
vulnerability VCID-u1en-t8ux-uube
41
vulnerability VCID-ue18-zzau-x7hy
42
vulnerability VCID-uf5t-asns-tudp
43
vulnerability VCID-vdzj-kqfy-d3b7
44
vulnerability VCID-vwbu-ruxm-tbh4
45
vulnerability VCID-vxh1-8rvt-kkak
46
vulnerability VCID-vyzt-df2u-h3cc
47
vulnerability VCID-w9uy-fnpm-cbak
48
vulnerability VCID-x15z-dejc-9ba6
49
vulnerability VCID-xesd-d294-7fcx
50
vulnerability VCID-xk66-1d31-2qbk
51
vulnerability VCID-yccg-zw89-vqff
52
vulnerability VCID-zmd3-henq-r7bd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.2
aliases CVE-2014-3589, GHSA-cfmr-38g9-f2h7, PYSEC-2014-10
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vz9s-jqpb-2ybf
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5