CVE-2016-2533

Severity: medium (calculated from the CVSS v3 base score; see Risk Information below)

Description

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.
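The description gives two affected ranges (Pillow before 3.1.1, and PIL 1.1.7 and earlier) and an impact limited to a crash of the decoding process. The script below is an added example, not Pillow's, PIL's or Tenable's code: it encodes those ranges as a version triage check, reports what is installed, and wraps image decoding in a throwaway interpreter so that a crafted file can only kill that child, not the service that called it. The child program it runs against a file assumes Pillow is installed; the constructed child programs used in the test are stand-ins for a decoder that exits cleanly, segfaults, or hangs.

```python
"""Triage and containment for CVE-2016-2533 (added example, not project code).

Affected ranges are taken from the CVE description: Pillow < 3.1.1 and
PIL <= 1.1.7.  The isolation wrapper is a generic pattern for any native
decoder that can crash on crafted input."""
import subprocess
import sys

FIXED_PILLOW = (3, 1, 1)          # first Pillow release with the fix
LAST_VULNERABLE_PIL = (1, 1, 7)   # PIL 1.1.7 and everything before it


def parse_version(text):
    """Turn '3.1.0', '3.1.1.post1' or '2.9.0rc1' into a 3-int tuple,
    keeping only the leading numeric part of each dot-separated piece."""
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable(distribution, version):
    """distribution is 'Pillow' or 'PIL' (the unmaintained original)."""
    v = parse_version(version)
    name = distribution.lower()
    if name == "pillow":
        return v < FIXED_PILLOW
    if name == "pil":
        return v <= LAST_VULNERABLE_PIL
    raise ValueError("unknown distribution: %r" % distribution)


def installed_status():
    """Return (distribution, version, vulnerable) for the installed Pillow
    or PIL, or None when neither is installed."""
    from importlib.metadata import PackageNotFoundError, version
    for dist in ("Pillow", "PIL"):
        try:
            v = version(dist)
        except PackageNotFoundError:
            continue
        return (dist, v, is_vulnerable(dist, v))
    return None


# Child program that does the actual decoding.  A crafted file can only
# crash this interpreter; the parent sees a signal exit code or a timeout.
# (Assumes Pillow is installed in the environment running the child.)
CHILD_DECODE = r"""
import sys
from PIL import Image
with Image.open(sys.argv[1]) as im:
    im.load()   # forces the native decoder to run on the file
    print("%d,%d,%s" % (im.size[0], im.size[1], im.mode))
"""


def decode_isolated(path, timeout=10.0, child_program=CHILD_DECODE):
    """Run child_program in a fresh interpreter with `path` as argv[1].

    Returns one of ('ok', stdout), ('crashed', signal_number),
    ('error', stderr) for a clean Python exception, or ('timeout', seconds).
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-c", child_program, path],
            capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return ("timeout", timeout)
    if proc.returncode == 0:
        return ("ok", proc.stdout.strip())
    if proc.returncode < 0:           # killed by a signal, e.g. SIGSEGV
        return ("crashed", -proc.returncode)
    return ("error", proc.stderr.strip())


if __name__ == "__main__":
    print("installed:", installed_status())
    for image_path in sys.argv[1:]:
        print(image_path, decode_isolated(image_path))
```

Run it with one or more image paths to see the per-file verdict; a `('crashed', 11)` result on a PhotoCD file from a Pillow release older than 3.1.1 is exactly the failure this CVE describes, confined to the child. Upgrading is still the fix; the wrapper only turns a service-wide crash into a per-request error and a timeout bound.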

References

http://www.debian.org/security/2016/dsa-3499

http://www.openwall.com/lists/oss-security/2016/02/02/5

http://www.openwall.com/lists/oss-security/2016/02/22/2

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst

https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b

https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b

https://github.com/python-pillow/Pillow/pull/1706

https://security.gentoo.org/glsa/201612-52

Details

Source: MITRE

Published: 2016-04-13

Updated: 2017-07-01

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins


ID     | Name                                                                          | Product | Family                        | Severity
-------|-------------------------------------------------------------------------------|---------|-------------------------------|---------
135635 | EulerOS Virtualization 3.0.2.2 : python-pillow (EulerOS-SA-2020-1473)          | Nessus  | Huawei Local Security Checks  | critical
134533 | EulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2020-1244) | Nessus  | Huawei Local Security Checks  | medium
132189 | EulerOS 2.0 SP3 : python-pillow (EulerOS-SA-2019-2654)                        | Nessus  | Huawei Local Security Checks  | high
131591 | EulerOS 2.0 SP2 : python-pillow (EulerOS-SA-2019-2437)                        | Nessus  | Huawei Local Security Checks  | high
130688 | EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2019-2226)                        | Nessus  | Huawei Local Security Checks  | medium
96227  | GLSA-201612-52 : Pillow: Multiple vulnerabilities                             | Nessus  | Gentoo Local Security Checks  | critical
93827  | Ubuntu 14.04 LTS : Pillow regression (USN-3090-2)                             | Nessus  | Ubuntu Local Security Checks  | medium
93775  | Ubuntu 14.04 LTS : Pillow vulnerabilities (USN-3090-1)                        | Nessus  | Ubuntu Local Security Checks  | medium
93559  | Ubuntu 12.04 LTS : python-imaging vulnerabilities (USN-3080-1)                | Nessus  | Ubuntu Local Security Checks  | medium
89005  | Debian DSA-3499-1 : pillow - security update                                  | Nessus  | Debian Local Security Checks  | medium