MGASA-2016-0066
Advisory lineage Upstream: 2 Downstream: 0
Upstream
Published: 17 Feb 2016, 19:06
Last modified:16 Apr 2026, 06:25
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
17 Feb 2016, 19:06
Published
Vulnerability first disclosed
16 Apr 2026, 06:25
Last Modified
Vulnerability information updated
Description
Updated python-pillow packages fix security vulnerability A buffer overflow in TiffDecode.c causing an arbitrary amount of memory to be overwritten when opening a specially crafted invalid TIFF file (CVE-2016-0740). A buffer overflow in FliDecode.c causing a segfault when opening FLI files (CVE-2016-0775). A buffer overflow in PcdDecode.c causing a segfault when opening PhotoCD files.
Affected Systems
- mageia•python-pillow
< 2.6.2-2.5.mga5
References (5)
- https://advisories.mageia.org/MGASA-2016-0066.html
- https://bugs.mageia.org/show_bug.cgi?id=17671
- http://openwall.com/lists/oss-security/2016/02/02/5
- https://github.com/python-pillow/Pillow/blob/777ef4f523679a9ea0f3573efc224bf821b6abe7/docs/releasenotes/3.1.1.rst
- https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176983.html