Bug 967970 (CVE-2016-2533) - VUL-0: CVE-2016-2533: python-Pillow: Buffer overflow in PCD decoding
Summary: VUL-0: CVE-2016-2533: python-Pillow: Buffer overflow in PCD decoding
Status: RESOLVED FIXED
Alias: CVE-2016-2533
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/162104/
Whiteboard: CVSSv2:NVD:CVE-2016-2533:4.3:(AV:N/AC...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-02-24 08:25 UTC by Alexander Bergmann
Modified: 2020-06-30 07:37 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2016-02-24 08:25:18 UTC 
http://www.openwall.com/lists/oss-security/2016/02/02/5

There is a buffer overflow in PcdDecode.c, where the decoder writes
assuming 4 bytes per pixel into a 3 byte per pixel wide buffer,
allowing writing 768 bytes off the end of the buffer. This overwrites
objects in Python's stack, leading to a crash. 

All versions of Python Pillow <= 3.1.0 and PIL == 1.1.7 (at the least) are affected.

This issue and the patch are public:
https://github.com/python-pillow/Pillow/pull/1706

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1304504
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2533
http://seclists.org/oss-sec/2016/q1/396
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2533.html
Comment 1 Swamp Workflow Management 2016-02-24 23:01:02 UTC 
bugbot adjusting priority
Comment 5 Dirk Mueller 2019-08-07 16:46:19 UTC 
submitted as update for Cloud7, newer than Cloud7 not affected:

$ iosc sr SUSE:SLE-12-SP2:Update:Products:Cloud7:Update
WARNING:
WARNING: Project does not accept submit request, a NEW maintenance incident request will be created instead
WARNING:
created request id 198363
Comment 8 Swamp Workflow Management 2019-09-09 13:16:06 UTC 
SUSE-SU-2019:2334-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 967970,975500
CVE References: CVE-2016-2533,CVE-2016-4009
Sources used:
SUSE OpenStack Cloud 7 (src):    python-Pillow-2.8.1-4.9.1
SUSE Enterprise Storage 4 (src):    python-Pillow-2.8.1-4.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2020-05-06 13:17:39 UTC 
SUSE-SU-2020:1194-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 967970,975500
CVE References: CVE-2016-2533,CVE-2016-4009
Sources used:
SUSE Enterprise Storage 5 (src):    python-Pillow-2.8.1-3.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Tim Serong 2020-05-12 08:46:31 UTC 
SES5 update released per comment 12, assigning back to security-team
Comment 14 Alexandros Toptsoglou 2020-06-30 07:37:38 UTC 
Done