Main Vulnerability Database SB2016041325

SB2016041325 - Buffer overflow in Debian Linux

Published: April 13, 2016 Updated: August 9, 2020

Security Bulletin ID SB2016041325

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2016-0740)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

Remediation

Install update from vendor's website.

References

http://www.debian.org/security/2016/dsa-3499
https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e
https://security.gentoo.org/glsa/201612-52