oss-sec mailing list archives

Re: CVE Request -- Buffer overflow in Python-Pillow and PIL

From: Stefan Cornelius <scorneli () redhat com>
Date: Mon, 22 Feb 2016 13:25:33 +0100

On Tue, 2 Feb 2016 18:51:24 +0000
Eric Soroos <eric () soroos net> wrote:

Hello, 

I’d like to request a CVE number for all versions of Python Pillow <=
3.1.0  and PIL == 1.1.7 (at the least). 

There is a buffer overflow in PcdDecode.c, where the decoder writes
assuming 4 bytes per pixel into a 3 byte per pixel wide buffer,
allowing writing 768 bytes off the end of the buffer. This overwrites
objects in Python's stack, leading to a crash. 

This issue and the patch are public:
https://github.com/python-pillow/Pillow/pull/1706

Thanks, 

Eric


Hi,

I don't think this ever got a CVE? Could one please be assigned?

Thanks and kind regards,
-- 
Stefan Cornelius / Red Hat Product Security

Current thread:

CVE Request -- Buffer overflow in Python-Pillow and PIL Eric Soroos (Feb 02)
- Re: CVE Request -- Buffer overflow in Python-Pillow and PIL Stefan Cornelius (Feb 22)
- Re: CVE Request -- Buffer overflow in Python-Pillow and PIL cve-assign (Feb 22)