Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 22 Feb 2016 08:09:22 -0500 (EST)
From: cve-assign@...re.org
To: eric@...oos.net
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request -- Buffer overflow in Python-Pillow and PIL

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> There is a buffer overflow in PcdDecode.c, where the decoder writes
> assuming 4 bytes per pixel into a 3 byte per pixel wide buffer,
> allowing writing 768 bytes off the end of the buffer. This overwrites
> objects in Python's stack, leading to a crash.
> 
> https://github.com/python-pillow/Pillow/pull/1706

>> The shuffle buffer is initialized to 24bpp, and the pcd decoder offsets 32bpp. 
>> 
>> https://github.com/python-pillow/Pillow/commits/master/libImaging/PcdDecode.c
>> https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4
>> 
>> https://github.com/python-pillow/Pillow/commits/3.1.x/libImaging/PcdDecode.c
>> https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9
>> 
>> http://www.pythonware.com/products/pil/
>> http://effbot.org/downloads/Imaging-1.1.7.tar.gz

Use CVE-2016-2533 for the issue in Python-Pillow before 3.1.1, and in
PIL 1.1.7 and earlier.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWywf+AAoJEL54rhJi8gl5j6cP/iiw4DS9vVwXkNhF3pUswbPd
yZiMUUwHpVIj+v1ezok6HOc/bRVZzndnhDbQq1i41XbQuY7372t0lntXodsurJeW
SIPaOYc8EG3U8MZecjtOlE/c1RHX6F7dfC0xRa/Pw5fl8NW1uaLqt3H/CAJaZjdO
BEN9z6n8G7SGEg1pQz2y2eDO5Aj5mxhj36MudmaOfiGeH+QVzU/Zbaab6OwC/+QI
topn6yVN2xrCE7mdZEzCSYtomMBD4V6LF3dWqNX9W9VA5epBzdi08erIiANPYQmY
H7IuSiXD8slJg3rlqYJpGzB1rH/O1eQLKc2l+tWxdaSqPeHAce0EXLz/ToH27NWa
aJCUOHcyjKXmQZjtAGH6WzubMWXYxYa0SJ7Eu1N+mrV410SxrA1H/R7+nfXmtaDB
PaffvhOVo0bYcZQHdW4tUxgVASu/ug1euDR2joWhTMQiUXpNOcmRr7Q7CKx5phXa
dI63MhmozSkQAI6oex1Fc5DQ5a/hdcn+SKNlefk5DMh0q3soNwfrWw3UZuGcy4fW
G0slb1Z4Bpa1YoLwVnv3WFiYOPX4LHj/sgfe26pV9lbSG/ZlilSuSsfMUiD2Jqmt
rBxLVNj0yk3lMFw71Map8c18UTgj0VFzLtptfilvTdRuY2PMZUzR6qeX6uJVEFqn
erSrFhvQDHOx5YtXBj8p
=bQgu
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ