{"url":"http://public2.vulnerablecode.io/api/packages/55078?format=json","purl":"pkg:pypi/pillow@2.5","type":"pypi","namespace":"","name":"pillow","version":"2.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"12.2.0","latest_non_vulnerable_version":"12.2.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5410?format=json","vulnerability_id":"VCID-vz9s-jqpb-2ybf","summary":"PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html"},{"reference_url":"http://osvdb.org/show/osvdb/110128","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/show/osvdb/110128"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3589.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3589.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3589","reference_id":"","reference_type":"","scores":[{"value":"0.00808","scoring_system":"epss","scoring_elements":"0.74154","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00808","scoring_system":"epss","scoring_elements":"0.74187","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00808","scoring_system":"epss","scoring_elements":"0.7416","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80494","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80477","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80482","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80463","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80441","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80426","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80409","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80543","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80304","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80332","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80343","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80376","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80371","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.8037","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.8034","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80347","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80361","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80402","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.8054","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01389","scoring_system":"epss","scoring_elements":"0.80536","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3589"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3589","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3589"},{"reference_url":"http://seclists.org/bugtraq/2014/Sep/25","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/bugtraq/2014/Sep/25"},{"reference_url":"http://secunia.com/advisories/59825","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59825"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-10.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-10.yaml"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/5efeed77666bfd17708f3434b1d2daa9db1e1335","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/5efeed77666bfd17708f3434b1d2daa9db1e1335"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/d47611e6fbb808ea109366781dd76559ffb80bcd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/d47611e6fbb808ea109366781dd76559ffb80bcd"},{"reference_url":"https://pypi.python.org/pypi/Pillow/2.3.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pypi.python.org/pypi/Pillow/2.3.2"},{"reference_url":"https://pypi.python.org/pypi/Pillow/2.5.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pypi.python.org/pypi/Pillow/2.5.2"},{"reference_url":"http://www.debian.org/security/2014/dsa-3009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-3009"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1130711","reference_id":"1130711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1130711"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758772","reference_id":"758772","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758772"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:python-imaging:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:debian:python-imaging:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:python-imaging:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:python:pillow:2.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3589","reference_id":"CVE-2014-3589","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3589"},{"reference_url":"https://github.com/advisories/GHSA-cfmr-38g9-f2h7","reference_id":"GHSA-cfmr-38g9-f2h7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cfmr-38g9-f2h7"},{"reference_url":"https://usn.ubuntu.com/3080-1/","reference_id":"USN-3080-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3080-1/"},{"reference_url":"https://usn.ubuntu.com/3090-1/","reference_id":"USN-3090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3090-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/3521?format=json","purl":"pkg:pypi/pillow@2.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19e1-19hk-duet"},{"vulnerability":"VCID-1vt7-c6e3-7qc8"},{"vulnerability":"VCID-366h-8f99-r7at"},{"vulnerability":"VCID-3qb5-8p8w-gkad"},{"vulnerability":"VCID-3uk9-eds5-rkgc"},{"vulnerability":"VCID-53ac-ceq4-qkhf"},{"vulnerability":"VCID-5rv4-k1q9-zue2"},{"vulnerability":"VCID-64n5-pugj-vue8"},{"vulnerability":"VCID-6gyu-fzpg-c3bn"},{"vulnerability":"VCID-8n2b-wvya-53e1"},{"vulnerability":"VCID-9ckw-ra54-z3b7"},{"vulnerability":"VCID-and9-6jty-pyeq"},{"vulnerability":"VCID-aubw-tsmn-ffcq"},{"vulnerability":"VCID-avx2-mahw-mqes"},{"vulnerability":"VCID-b3au-rcgp-2fag"},{"vulnerability":"VCID-b5a2-83ej-puaw"},{"vulnerability":"VCID-brp2-dtrf-jyfr"},{"vulnerability":"VCID-cas2-jb3y-vyhz"},{"vulnerability":"VCID-d7uf-zdbv-sba1"},{"vulnerability":"VCID-df4x-jt3h-17hx"},{"vulnerability":"VCID-dgds-v95g-pbcv"},{"vulnerability":"VCID-dpc3-td9q-dyee"},{"vulnerability":"VCID-e3gp-zc2b-budg"},{"vulnerability":"VCID-en6t-uxtq-bfek"},{"vulnerability":"VCID-g46h-p8jk-cuhc"},{"vulnerability":"VCID-gvjw-funa-sqak"},{"vulnerability":"VCID-h4x7-7fke-mqgp"},{"vulnerability":"VCID-haum-8zpg-6kgf"},{"vulnerability":"VCID-hmmq-5772-bycm"},{"vulnerability":"VCID-khp6-9hfx-1kge"},{"vulnerability":"VCID-m3tm-h4q9-9yay"},{"vulnerability":"VCID-ma2g-2f8d-dqa9"},{"vulnerability":"VCID-n1hp-atex-ubh4"},{"vulnerability":"VCID-n1w5-f5p7-xuhb"},{"vulnerability":"VCID-p6r3-puh1-zyg6"},{"vulnerability":"VCID-q4bb-qnxe-8bfa"},{"vulnerability":"VCID-qjqr-jyjn-xfh9"},{"vulnerability":"VCID-rncf-9nf8-wud3"},{"vulnerability":"VCID-sns1-ksqr-vbhr"},{"vulnerability":"VCID-stft-hsk9-zfdy"},{"vulnerability":"VCID-u1en-t8ux-uube"},{"vulnerability":"VCID-ue18-zzau-x7hy"},{"vulnerability":"VCID-uf5t-asns-tudp"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"},{"vulnerability":"VCID-vwbu-ruxm-tbh4"},{"vulnerability":"VCID-vxh1-8rvt-kkak"},{"vulnerability":"VCID-vyzt-df2u-h3cc"},{"vulnerability":"VCID-w9uy-fnpm-cbak"},{"vulnerability":"VCID-x15z-dejc-9ba6"},{"vulnerability":"VCID-xesd-d294-7fcx"},{"vulnerability":"VCID-xk66-1d31-2qbk"},{"vulnerability":"VCID-yccg-zw89-vqff"},{"vulnerability":"VCID-zmd3-henq-r7bd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.2"}],"aliases":["CVE-2014-3589","GHSA-cfmr-38g9-f2h7","PYSEC-2014-10"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vz9s-jqpb-2ybf"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5"}