Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-422.NASL
HistoryFeb 22, 2016 - 12:00 a.m.

Debian DLA-422-1 : python-imaging security update

2016-02-2200:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.013 Low

EPSS

Percentile

85.9%

JSON

Two buffer overflows were discovered in python-imaging, a Python library for loading and manipulating image files, which may lead to the execution of arbitrary code.

CVE-2016-0775 Buffer overflow in FliDecode.c

The second buffer overflow was in PcdDecode.c. A CVE identifier has not been assigned yet.

For Debian 6 ‘Squeeze’, these problems have been fixed in version 1.1.7-2+deb6u2.

We recommend that you upgrade your python-imaging packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-422-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(88864);
  script_version("2.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2016-0775");

  script_name(english:"Debian DLA-422-1 : python-imaging security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Two buffer overflows were discovered in python-imaging, a Python
library for loading and manipulating image files, which may lead to
the execution of arbitrary code.

CVE-2016-0775   Buffer overflow in FliDecode.c

The second buffer overflow was in PcdDecode.c. A CVE identifier has
not been assigned yet.

For Debian 6 'Squeeze', these problems have been fixed in version
1.1.7-2+deb6u2.

We recommend that you upgrade your python-imaging packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2016/02/msg00014.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze-lts/python-imaging"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-imaging");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-imaging-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-imaging-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-imaging-sane");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-imaging-sane-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-imaging-tk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-imaging-tk-dbg");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"python-imaging", reference:"1.1.7-2+deb6u2")) flag++;
if (deb_check(release:"6.0", prefix:"python-imaging-dbg", reference:"1.1.7-2+deb6u2")) flag++;
if (deb_check(release:"6.0", prefix:"python-imaging-doc", reference:"1.1.7-2+deb6u2")) flag++;
if (deb_check(release:"6.0", prefix:"python-imaging-sane", reference:"1.1.7-2+deb6u2")) flag++;
if (deb_check(release:"6.0", prefix:"python-imaging-sane-dbg", reference:"1.1.7-2+deb6u2")) flag++;
if (deb_check(release:"6.0", prefix:"python-imaging-tk", reference:"1.1.7-2+deb6u2")) flag++;
if (deb_check(release:"6.0", prefix:"python-imaging-tk-dbg", reference:"1.1.7-2+deb6u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxpython-imagingp-cpe:/a:debian:debian_linux:python-imaging
debiandebian_linuxpython-imaging-dbgp-cpe:/a:debian:debian_linux:python-imaging-dbg
debiandebian_linuxpython-imaging-docp-cpe:/a:debian:debian_linux:python-imaging-doc
debiandebian_linuxpython-imaging-sanep-cpe:/a:debian:debian_linux:python-imaging-sane
debiandebian_linuxpython-imaging-sane-dbgp-cpe:/a:debian:debian_linux:python-imaging-sane-dbg
debiandebian_linuxpython-imaging-tkp-cpe:/a:debian:debian_linux:python-imaging-tk
debiandebian_linuxpython-imaging-tk-dbgp-cpe:/a:debian:debian_linux:python-imaging-tk-dbg
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

Related

nessus 18
cve 1
debiancve 1
github 1
osv 3
prion 1
cvelist 1
debian 2
ubuntucve 1
nvd 1
freebsd 1
amazon 1
fedora 2
openvas 14
mageia 1
ubuntu 3
gentoo 1
rosalinux 1
nessus
nessus
FreeBSD : py-imaging, py-pillow -- Buffer overflow in FLI decoding code (6ea60e00-cf13-11e5-805c-5453ed2e2b49)
2016-02-10 00:00:00
Amazon Linux 2 : python-pillow (ALAS-2024-2472)
2024-02-19 00:00:00
Fedora 23 : python-pillow-3.0.0-2.fc23 (2016-4b06195979)
2016-03-04 00:00:00
cve
cve
CVE-2016-0775
2016-04-13 16:59:02
debiancve
debiancve
CVE-2016-0775
2016-04-13 16:59:02
github
github
Pillow Buffer overflow in ImagingFliDecode
2018-07-24 20:15:36
osv
osv
Pillow Buffer overflow in ImagingFliDecode
2018-07-24 20:15:36
PYSEC-2016-6
2016-04-13 16:59:00
python-imaging - security update
2016-02-21 00:00:00
prion
prion
Buffer overflow
2016-04-13 16:59:00
cvelist
cvelist
CVE-2016-0775
2016-04-13 16:00:00
debian
debian
[SECURITY] [DLA 422-1] python-imaging security update
2016-02-21 14:05:06
[SECURITY] [DSA 3499-1] pillow security update
2016-02-28 22:14:45
ubuntucve
ubuntucve
CVE-2016-0775
2016-04-13 00:00:00
nvd
nvd
CVE-2016-0775
2016-04-13 16:59:02
freebsd
freebsd
py-imaging, py-pillow -- Buffer overflow in FLI decoding code
2016-02-05 00:00:00
amazon
amazon
Medium: python-pillow
2024-02-15 03:52:00
fedora
fedora
[SECURITY] Fedora 22 Update: python-pillow-2.8.2-4.fc22
2016-02-21 02:28:07
[SECURITY] Fedora 23 Update: python-pillow-3.0.0-2.fc23
2016-02-09 20:55:54
openvas
openvas
Fedora Update for python-pillow FEDORA-2016-4 (FC-22)
2016-02-21 00:00:00
Fedora Update for python-pillow FEDORA-2016-4 (FC-23)
2016-02-10 00:00:00
Mageia: Security Advisory (MGASA-2016-0066)
2016-02-18 00:00:00
mageia
mageia
Updated python-pillow packages fix security vulnerability
2016-02-17 22:06:01
ubuntu
ubuntu
Python Imaging Library vulnerabilities
2016-09-15 00:00:00
Pillow vulnerabilities
2016-09-27 00:00:00
Pillow regresssion
2016-09-30 00:00:00
gentoo
gentoo
Pillow: Multiple vulnerabilities
2016-12-31 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1957
2021-07-02 18:03:40

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.013 Low

EPSS

Percentile

85.9%

JSON
Related for DEBIAN_DLA-422.NASL
nessus18cve1debiancve1github1osv3prion1cvelist1debian2ubuntucve1nvd1freebsd1amazon1fedora2openvas14mageia1ubuntu3gentoo1rosalinux1