CVE-2016-0740

Опубликовано: 13 апр. 2016

Источник: debian

Описание

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
pillow	fixed	3.1.1-1		package
python-imaging	not-affected			package

Примечания

Issue when linked against libtiff >= 4.0.0
Fixed by: https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e (3.1.1)
Introduced by: https://github.com/python-pillow/Pillow/commit/e782fe721e0156de9636e78cd881d9f9e7e6ce50 (2.0.0)

Связанные уязвимости

CVE-2016-0740

CVSS3: 6.5

ubuntu

почти 10 лет назад

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

CVE-2016-0740

redhat

около 10 лет назад

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

CVE-2016-0740

CVSS3: 6.5

nvd

почти 10 лет назад

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

GHSA-hggx-3h72-49ww

CVSS3: 6.5

github

больше 7 лет назад

Pillow Buffer overflow in ImagingLibTiffDecode

openSUSE-SU-2016:0762-1

suse-cvrf

почти 10 лет назад

Security update for python-Pillow