Upstream information

CVE-2016-0775 at MITRE

Description

Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

  Base Score: 4.3
  Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
  Access Vector: Network
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: Partial

CVSS v3 Scores (National Vulnerability Database)

  Base Score: 6.5
  Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  Access Vector: Network
  Access Complexity: Low
  Privileges Required: None
  User Interaction: Required
  Scope: Unchanged
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: High

SUSE Bugzilla entries: 965579 [RESOLVED / FIXED], 965582 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References

SUSE Enterprise Storage 1.0
  • python-Pillow >= 2.7.0-7.1
  Patchnames: SUSE-Storage-1.0-2016-796

SUSE Enterprise Storage 2
  • python-Pillow >= 2.7.0-3.2
  Patchnames: SUSE-Storage-2-2016-934

SUSE Enterprise Storage 2.1
  • python-Pillow >= 2.7.0-3.1
  Patchnames: SUSE-Storage-2.1-2016-539

SUSE OpenStack Cloud 5
  • python-Pillow >= 2.7.0-9.1
  Patchnames: sleclo50sp3-python-Pillow-12485

SUSE OpenStack Cloud 6
  • python-Pillow >= 2.7.0-3.1
  Patchnames: SUSE-OpenStack-Cloud-6-2016-539

openSUSE Leap 42.1
  • python-Pillow >= 2.9.0-6.1
  • python-Pillow-debuginfo >= 2.9.0-6.1
  • python-Pillow-debugsource >= 2.9.0-6.1
  • python-Pillow-tk >= 2.9.0-6.1
  • python-Pillow-tk-debuginfo >= 2.9.0-6.1
  Patchnames: openSUSE-2016-339

openSUSE Leap 42.2
  • python-Pillow >= 2.9.0-6.4
  • python-Pillow-tk >= 2.9.0-6.4
  Patchnames: openSUSE Leap 42.2 GA python-Pillow

openSUSE Leap 42.3
  • python-Pillow >= 2.9.0-8.2
  • python-Pillow-tk >= 2.9.0-8.2
  Patchnames: openSUSE Leap 42.3 GA python-Pillow

openSUSE Tumbleweed
  • python-Pillow >= 3.1.1-4.1
  • python-Pillow-tk >= 3.1.1-4.1
  • python3-Pillow >= 3.4.2-1.1
  • python3-Pillow-tk >= 3.4.2-1.1
  Patchnames: openSUSE Tumbleweed GA python-Pillow, openSUSE Tumbleweed GA python3-Pillow


Status of this issue by product and package

Product(s) | Source package | State
SUSE Cloud 5 | python-Pillow | Released
SUSE OpenStack Cloud 6 | python-Pillow | Released
SUSE Storage 1.0 | python-Pillow | Released
SUSE Storage 2.0 | python-Pillow | Released
SUSE Storage 2.1 | python-Pillow | Released