CVE-2016-0775Improper Restriction of Operations within the Bounds of a Memory Buffer in Pillow

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow14 documents9 sources
Severity
6.5MEDIUMNVD
OSV5.0
EPSS
1.1%
top 22.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Python PillowDebian Linux
Timeline
PublishedApr 13
Latest updateOct 5

Description

Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

PyPIpython/pillow< 3.1.1
Debianpython/pillow< 3.1.1-1+3
Ubuntupython/pillow< 2.3.0-1ubuntu3.3+1
NVDpython/pillow3.1.0

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

6
OSV
Pillow Buffer overflow in ImagingFliDecode2018-07-24
GHSA
Pillow Buffer overflow in ImagingFliDecode2018-07-24
OSV
Pillow regression2016-09-30
OSV
Pillow vulnerabilities2016-09-27
CVEList
CVE-2016-0775: Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode2016-04-13

📋Vendor Advisories

5
Ubuntu
Pillow regresssion2016-09-30
Ubuntu
Pillow vulnerabilities2016-09-27
Ubuntu
Python Imaging Library vulnerabilities2016-09-15
Red Hat
python-pillow: Buffer overflow in FliDecode.c2016-02-04
Debian
CVE-2016-0775: pillow - Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pi...2016

📄Research Papers

1
arXiv
Common Vulnerability Scoring System Prediction based on Open Source Intelligence Information Sources2022-10-05

💬Community

1
Bugzilla
CVE-2016-0775 python-pillow: Buffer overflow in FliDecode.c2016-01-25
CVE-2016-0775 — Python Pillow vulnerability | cvebase