Lucene search

PRIOn knowledge basePRION:CVE-2016-2533

HistoryApr 13, 2016 - 4:59 p.m.

Buffer overflow

2016-04-1316:59:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

High

0.073 Low

EPSS

Percentile

94.1%

JSON

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.

CPENameOperatorVersion
debian_linuxeq8.0
debian_linuxeq7.0
pillowle3.1.0
python_imagingle1.1.7

Name	Operator	Version
debian_linux	eq	8.0
debian_linux	eq	7.0
pillow	le	3.1.0
python_imaging	le	1.1.7

References

www.debian.org/security/2016/dsa-3499

www.openwall.com/lists/oss-security/2016/02/02/5

www.openwall.com/lists/oss-security/2016/02/22/2

www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst

github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9

github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4

github.com/python-pillow/Pillow/pull/1706

security.gentoo.org/glsa/201612-52