Home

CVE-2016-2533

Description

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.278

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2016-0740,CVE-2016-0775,CVE-2016-2533,CVE-2016-4009 are fixed in Python-pillow 3.1.1Windows
python-pillow Security Update (ALAS-2025-2803) python-pillow-sane-2.0.0-23.gitd1c6db8.amzn2.0.16.x86_64.rpmLinux
python-pillow Security Update (ALAS-2025-2803) python-pillow-tk-2.0.0-23.gitd1c6db8.amzn2.0.16.x86_64.rpmLinux
python-pillow Security Update (ALAS-2025-2803) python-pillow-doc-2.0.0-23.gitd1c6db8.amzn2.0.16.x86_64.rpmLinux
python-pillow Security Update (ALAS-2025-2803) python-pillow-devel-2.0.0-23.gitd1c6db8.amzn2.0.16.x86_64.rpmLinux
python-pillow Security Update (ALAS-2025-2803) python-pillow-2.0.0-23.gitd1c6db8.amzn2.0.16.x86_64.rpmLinux
python-pillow Security Update (ALAS2-2025-2803) python-pillow-2.0.0-23.gitd1c6db8.amzn2.0.16.x86_64.rpmLinux
python-pillow Security Update (ALAS2-2025-2803) python-pillow-devel-2.0.0-23.gitd1c6db8.amzn2.0.16.x86_64.rpmLinux
python-pillow Security Update (ALAS2-2025-2803) python-pillow-doc-2.0.0-23.gitd1c6db8.amzn2.0.16.x86_64.rpmLinux
python-pillow Security Update (ALAS2-2025-2803) python-pillow-sane-2.0.0-23.gitd1c6db8.amzn2.0.16.x86_64.rpmLinux
python-pillow Security Update (ALAS2-2025-2803) python-pillow-tk-2.0.0-23.gitd1c6db8.amzn2.0.16.x86_64.rpmLinux
Vulnerabilities CVE-2016-0740,CVE-2016-0775,CVE-2016-2533,CVE-2016-4009 are fixed in Python-pillow for linux 3.1.1Linux
Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-2533)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234