http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html

DSA-3710

94234

https://github.com/python-pillow/Pillow/issues/2105

https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f

GLSA-201612-52

According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - Pillow before 3.3.2 allows context-dependent attackers     to obtain sensitive information by using the 'crafted     image file' approach, related to an 'Integer Overflow'     issue affecting the Image.core.map_buffer in map.c     component.(CVE-2016-9189)

  - Buffer overflow in the ImagingPcdDecode function in     PcdDecode.c in Pillow before 3.1.1 and Python Imaging     Library (PIL) 1.1.7 and earlier allows remote attackers     to cause a denial of service (crash) via a crafted     PhotoCD file.(CVE-2016-2533)

  - Buffer overflow in the ImagingFliDecode function in     libImaging/FliDecode.c in Pillow before 3.1.1 allows     remote attackers to cause a denial of service (crash)     via a crafted FLI file.(CVE-2016-0775)

  - Buffer overflow in the ImagingLibTiffDecode function in     libImaging/TiffDecode.c in Pillow before 3.1.1 allows     remote attackers to overwrite memory via a crafted TIFF     file.(CVE-2016-0740)

  - Integer overflow in the ImagingResampleHorizontal     function in libImaging/Resample.c in Pillow before     3.1.1 allows remote attackers to have unspecified     impact via negative values of the new size, which     triggers a heap-based buffer overflow.(CVE-2016-4009)

  - PIL/IcnsImagePlugin.py in Python Imaging Library (PIL)     and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows     remote attackers to cause a denial of service via a     crafted block size.(CVE-2014-3589)

  - Python Image Library (PIL) 1.1.7 and earlier and Pillow     2.3 might allow remote attackers to execute arbitrary     commands via shell metacharacters in unspecified     vectors related to CVE-2014-1932, possibly     JpegImagePlugin.py.(CVE-2014-3007)

  - The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py     scripts in Python Image Library (PIL) 1.1.7 and earlier     and Pillow before 2.3.1 uses the names of temporary     files on the command line, which makes it easier for     local users to conduct symlink attacks by listing the     processes.(CVE-2014-1933)

  - The (1) load_djpeg function in JpegImagePlugin.py, (2)     Ghostscript function in EpsImagePlugin.py, (3) load     function in IptcImagePlugin.py, and (4) _copy function     in Image.py in Python Image Library (PIL) 1.1.7 and     earlier and Pillow before 2.3.1 do not properly create     temporary files, which allow local users to overwrite     arbitrary files and obtain sensitive information via a     symlink attack on the temporary file.(CVE-2014-1932)

  - An issue was discovered in Pillow before 6.2.0. When     reading specially crafted invalid image files, the     library can either allocate very large amounts of     memory or take an extremely long period of time to     process the image.(CVE-2019-16865)

  - libImaging/FliDecode.c in Pillow before 6.2.2 has an     FLI buffer overflow.(CVE-2020-5313)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the python-pillow package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - A memory disclosure vulnerability was found in     python-pillow. Functions in map.c failed to check for     image overflow and check that an offset parameter was     within bounds, allowing a crafted image to cause a     crash or disclosure of memory.(CVE-2016-9189)

  - Buffer overflow in the ImagingPcdDecode function in     PcdDecode.c in Pillow before 3.1.1 and Python Imaging     Library (PIL) 1.1.7 and earlier allows remote attackers     to cause a denial of service (crash) via a crafted     PhotoCD file.(CVE-2016-2533)

  - Buffer overflow in the ImagingFliDecode function in     libImaging/FliDecode.c in Pillow before 3.1.1 allows     remote attackers to cause a denial of service (crash)     via a crafted FLI file.(CVE-2016-0775)

  - Buffer overflow in the ImagingLibTiffDecode function in     libImaging/TiffDecode.c in Pillow before 3.1.1 allows     remote attackers to overwrite memory via a crafted TIFF     file.(CVE-2016-0740)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Buffer overflow in the ImagingFliDecode function in     libImaging/FliDecode.c in Pillow before 3.1.1 allows     remote attackers to cause a denial of service (crash)     via a crafted FLI file.(CVE-2016-0775)

  - Buffer overflow in the ImagingLibTiffDecode function in     libImaging/TiffDecode.c in Pillow before 3.1.1 allows     remote attackers to overwrite memory via a crafted TIFF     file.(CVE-2016-0740)

  - Buffer overflow in the ImagingPcdDecode function in     PcdDecode.c in Pillow before 3.1.1 and Python Imaging     Library (PIL) 1.1.7 and earlier allows remote attackers     to cause a denial of service (crash) via a crafted     PhotoCD file.(CVE-2016-2533)

  - PIL/IcnsImagePlugin.py in Python Imaging Library (PIL)     and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows     remote attackers to cause a denial of service via a     crafted block size.(CVE-2014-3589)

  - Pillow before 2.7.0 allows remote attackers to cause a     denial of service via a compressed text chunk in a PNG     image that has a large size when it is     decompressed.(CVE-2014-9601)

  - Pillow before 3.3.2 allows context-dependent attackers     to execute arbitrary code by using the 'crafted image     file' approach, related to an 'Insecure Sign Extension'     issue affecting the ImagingNew in Storage.c     component.(CVE-2016-9190)

  - Pillow before 3.3.2 allows context-dependent attackers     to obtain sensitive information by using the 'crafted     image file' approach, related to an 'Integer Overflow'     issue affecting the Image.core.map_buffer in map.c     component.(CVE-2016-9189)

  - Python Image Library (PIL) 1.1.7 and earlier and Pillow     2.3 might allow remote attackers to execute arbitrary     commands via shell metacharacters in unspecified     vectors related to CVE-2014-1932, possibly     JpegImagePlugin.py.(CVE-2014-3007)

  - The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py     scripts in Python Image Library (PIL) 1.1.7 and earlier     and Pillow before 2.3.1 uses the names of temporary     files on the command line, which makes it easier for     local users to conduct symlink attacks by listing the     processes.(CVE-2014-1933)

  - The (1) load_djpeg function in JpegImagePlugin.py, (2)     Ghostscript function in EpsImagePlugin.py, (3) load     function in IptcImagePlugin.py, and (4) _copy function     in Image.py in Python Image Library (PIL) 1.1.7 and     earlier and Pillow before 2.3.1 do not properly create     temporary files, which allow local users to overwrite     arbitrary files and obtain sensitive information via a     symlink attack on the temporary file.(CVE-2014-1932)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Pillow before 2.7.0 allows remote attackers to cause a     denial of service via a compressed text chunk in a PNG     image that has a large size when it is     decompressed.(CVE-2014-9601)

  - The (1) load_djpeg function in JpegImagePlugin.py, (2)     Ghostscript function in EpsImagePlugin.py, (3) load     function in IptcImagePlugin.py, and (4) _copy function     in Image.py in Python Image Library (PIL) 1.1.7 and     earlier and Pillow before 2.3.1 do not properly create     temporary files, which allow local users to overwrite     arbitrary files and obtain sensitive information via a     symlink attack on the temporary file.(CVE-2014-1932)

  - The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py     scripts in Python Image Library (PIL) 1.1.7 and earlier     and Pillow before 2.3.1 uses the names of temporary     files on the command line, which makes it easier for     local users to conduct symlink attacks by listing the     processes.(CVE-2014-1933)

  - Python Image Library (PIL) 1.1.7 and earlier and Pillow     2.3 might allow remote attackers to execute arbitrary     commands via shell metacharacters in unspecified     vectors related to CVE-2014-1932, possibly     JpegImagePlugin.py.(CVE-2014-3007)

  - PIL/IcnsImagePlugin.py in Python Imaging Library (PIL)     and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows     remote attackers to cause a denial of service via a     crafted block size.(CVE-2014-3589)

  - Buffer overflow in the ImagingLibTiffDecode function in     libImaging/TiffDecode.c in Pillow before 3.1.1 allows     remote attackers to overwrite memory via a crafted TIFF     file.(CVE-2016-0740)

  - Buffer overflow in the ImagingFliDecode function in     libImaging/FliDecode.c in Pillow before 3.1.1 allows     remote attackers to cause a denial of service (crash)     via a crafted FLI file.(CVE-2016-0775)

  - Buffer overflow in the ImagingPcdDecode function in     PcdDecode.c in Pillow before 3.1.1 and Python Imaging     Library (PIL) 1.1.7 and earlier allows remote attackers     to cause a denial of service (crash) via a crafted     PhotoCD file.(CVE-2016-2533)

  - Pillow before 3.3.2 allows context-dependent attackers     to obtain sensitive information by using the 'crafted     image file' approach, related to an 'Integer Overflow'     issue affecting the Image.core.map_buffer in map.c     component.(CVE-2016-9189)

  - Pillow before 3.3.2 allows context-dependent attackers     to execute arbitrary code by using the 'crafted image     file' approach, related to an 'Insecure Sign Extension'     issue affecting the ImagingNew in Storage.c     component.(CVE-2016-9190)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Buffer overflow in the ImagingPcdDecode function in     PcdDecode.c in Pillow before 3.1.1 and Python Imaging     Library (PIL) 1.1.7 and earlier allows remote attackers     to cause a denial of service (crash) via a crafted     PhotoCD file.(CVE-2016-2533)

  - Pillow before 3.3.2 allows context-dependent attackers     to obtain sensitive information by using the 'crafted     image file' approach, related to an 'Integer Overflow'     issue affecting the Image.core.map_buffer in map.c     component.(CVE-2016-9189)

  - Buffer overflow in the ImagingFliDecode function in     libImaging/FliDecode.c in Pillow before 3.1.1 allows     remote attackers to cause a denial of service (crash)     via a crafted FLI file.(CVE-2016-0775)

  - Buffer overflow in the ImagingLibTiffDecode function in     libImaging/TiffDecode.c in Pillow before 3.1.1 allows     remote attackers to overwrite memory via a crafted TIFF     file.(CVE-2016-0740)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that Pillow incorrectly handled certain compressed text chunks in PNG images. A remote attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9601)

Cris Neckar discovered that Pillow incorrectly handled certain malformed images. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2016-9189)

Cris Neckar discovered that Pillow incorrectly handled certain malformed images. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9190).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the Python Imaging Library incorrectly handled certain compressed text chunks in PNG images. A remote attacker could possibly use this issue to cause the Python Imaging Library to crash, resulting in a denial of service. (CVE-2014-9601)

Cris Neckar discovered that the Python Imaging Library incorrectly handled certain malformed images. A remote attacker could use this issue to cause the Python Imaging Library to crash, resulting in a denial of service, or possibly obtain sensitive information.
(CVE-2016-9189)

Cris Neckar discovered that the Python Imaging Library incorrectly handled certain malformed images. A remote attacker could use this issue to cause the Python Imaging Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9190).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201612-52 (Pillow: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Pillow. Please review       the CVE identifiers referenced below for details.
  Impact :

    A local attacker could perform symlink attacks to overwrite arbitrary       files with the privileges of the user running the application, or obtain       sensitive information.
    A remote attackers could execute arbitrary code with the privileges of       the process, or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Pillow reports :

Pillow prior to 3.3.2 may experience integer overflow errors in map.c when reading specially crafted image files. This may lead to memory disclosure or corruption.

Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for negative image sizes in ImagingNew in Storage.c. A negative image size can lead to a smaller allocation than expected, leading to arbi trary writes.

Cris Neckar discovered multiple vulnerabilities in Pillow, a Python imaging library, which may result in the execution of arbitrary code or information disclosure if a malformed image file is processed.

ID	Name	Product	Family	Severity
135635	EulerOS Virtualization 3.0.2.2 : python-pillow (EulerOS-SA-2020-1473)	Nessus	Huawei Local Security Checks	critical
134533	EulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2020-1244)	Nessus	Huawei Local Security Checks	medium
132189	EulerOS 2.0 SP3 : python-pillow (EulerOS-SA-2019-2654)	Nessus	Huawei Local Security Checks	high
131591	EulerOS 2.0 SP2 : python-pillow (EulerOS-SA-2019-2437)	Nessus	Huawei Local Security Checks	high
130688	EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2019-2226)	Nessus	Huawei Local Security Checks	medium
97723	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : pillow vulnerabilities (USN-3230-1)	Nessus	Ubuntu Local Security Checks	high
97722	Ubuntu 12.04 LTS : python-imaging vulnerabilities (USN-3229-1)	Nessus	Ubuntu Local Security Checks	high
96227	GLSA-201612-52 : Pillow: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
95513	FreeBSD : Pillow -- multiple vulnerabilities (bc4898d5-a794-11e6-b2d3-60a44ce6887b)	Nessus	FreeBSD Local Security Checks	high
94738	Debian DSA-3710-1 : pillow - security update	Nessus	Debian Local Security Checks	high

CVE-2016-9189

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

critical

medium

high

high

medium

high

high

critical

high

high