CVE-2016-2533

Published: 13/04/2016 Updated: 01/07/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow prior to 3.1.1 and Python Imaging Library (PIL) 1.1.7 and previous versions allows remote malicious users to cause a denial of service (crash) via a crafted PhotoCD file.

Vulnerable Product

python imaging project python imaging

python pillow

debian debian linux 8.0

debian debian linux 7.0

Vendor Advisories

Debian Bug report logs - #813909 pillow: CVE-2016-0775: Buffer overflow in FliDecode.c Package: src:pillow; Maintainer for src:pillow is Matthias Klose <doko@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 6 Feb 2016 15:45:02 UTC Severity: important Tags: fixed-upstream, patch, security ...
Multiple security vulnerabilities have been found in Pillow, a Python imaging library, which may result in denial of service or the execution of arbitrary code if a malformed FLI, PCD or TIFF file is processed. For the oldstable distribution (wheezy), this problem has been fixed in version 1.1.7-4+deb7u2 of the python-imaging source package. For t ...
USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601 caused a regression which resulted in failures when processing certain png images. This update temporarily reverts the security fix for CVE-2014-9601 pending further investigation ...
Pillow could be made to crash if it received specially crafted input or opened a specially crafted file ...
Python Imaging Library could be made to crash if it received specially crafted input or opened a specially crafted file ...