Vulnerability CVE-2016-2533


Published: 2016-04-13

Description:
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.

Vendor: Debian
Product: Debian linux 
Version: 8.0; 7.0;
Product: Python-imaging 
Version: 1.1.7;
Vendor: Python
Product: Pillow 
Version: 3.1.0;
Vendor: Python imaging project
Product: Python imaging 
Version: 1.1.7;
Vendor: Python-imaging project
Product: Python-imaging 
Version: 1.1.7;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.debian.org/security/2016/dsa-3499
http://www.openwall.com/lists/oss-security/2016/02/02/5
http://www.openwall.com/lists/oss-security/2016/02/22/2
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b
https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b
https://github.com/python-pillow/Pillow/pull/1706
https://security.gentoo.org/glsa/201612-52

Copyright 2019, cxsecurity.com

 

Back to Top