Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/pillow@2.5
purl pkg:pypi/pillow@2.5
Tags Ghost
Next non-vulnerable version 12.1.1
Latest non-vulnerable version 12.2.0
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-vz9s-jqpb-2ybf
Aliases:
CVE-2014-3589
GHSA-cfmr-38g9-f2h7
PYSEC-2014-10
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
2.5.2
Affected by 53 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:30:39.454105+00:00 GHSA Importer Affected by VCID-vz9s-jqpb-2ybf https://github.com/advisories/GHSA-cfmr-38g9-f2h7 38.1.0
2026-04-01T12:50:39.863580+00:00 GitLab Importer Affected by VCID-vz9s-jqpb-2ybf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2014-3589.yml 38.0.0