CVE-2016-0740 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Pillow

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190 — Integer Overflow or Wraparound12 documents8 sources

Severity

6.5MEDIUMNVD

OSV5.0

EPSS

0.1%

top 65.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python Pillow Debian Linux

Timeline

PublishedApr 13

Latest updateJul 24

Description

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶PyPIpython/pillow< 3.1.1

▶Debianpython/pillow< 3.1.1-1+3

▶Ubuntupython/pillow< 2.3.0-1ubuntu3.3+1

▶NVDpython/pillow3.1.0

Also affects: Debian Linux 7.0, 8.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Pillow Buffer overflow in ImagingLibTiffDecode↗2018-07-24

▶

OSV

Pillow Buffer overflow in ImagingLibTiffDecode↗2018-07-24

▶

OSV

Pillow regression↗2016-09-30

▶

OSV

Pillow vulnerabilities↗2016-09-27

▶

OSV

CVE-2016-0740: Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode↗2016-04-13

▶

📋Vendor Advisories

Ubuntu

Pillow regresssion↗2016-09-30

▶

Ubuntu

Pillow vulnerabilities↗2016-09-27

▶

Red Hat

python-pillow: Integer overflow resulting in buffer overflow when reading invalid tiff file↗2016-02-04

▶

Debian

CVE-2016-0740: pillow - Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c ...↗2016

▶

💬Community

Bugzilla

CVE-2016-0740 python-pillow: Integer overflow resulting in buffer overflow when reading invalid tiff file↗2016-01-15

▶