Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 2 Feb 2016 18:51:24 +0000
From: Eric Soroos <eric@...oos.net>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE Request -- Buffer overflow in Python-Pillow and PIL

Hello, 

I’d like to request a CVE number for all versions of Python Pillow <= 3.1.0  and PIL == 1.1.7 (at the least). 

There is a buffer overflow in PcdDecode.c, where the decoder writes assuming 4 bytes per pixel into a 3 byte per pixel wide buffer, allowing writing 768 bytes off the end of the buffer. This overwrites objects in Python's stack, leading to a crash. 

This issue and the patch are public:  https://github.com/python-pillow/Pillow/pull/1706

Thanks, 

Eric

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ