Medium severity6.5NVD Advisory· Published Apr 13, 2016· Updated May 6, 2026
CVE-2016-2533
CVE-2016-2533
Description
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pillowPyPI | < 3.1.1 | 3.1.1 |
Affected products
4- cpe:2.3:a:python_imaging_project:python_imaging:*:*:*:*:*:*:*:*Range: <=1.1.7
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- github.com/advisories/GHSA-3c5c-7235-994jghsaADVISORY
- github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rstnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2016-2533ghsaADVISORY
- www.debian.org/security/2016/dsa-3499nvdWEB
- www.openwall.com/lists/oss-security/2016/02/02/5nvdWEB
- www.openwall.com/lists/oss-security/2016/02/22/2nvdWEB
- www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlnvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-19.yamlghsaWEB
- github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rstghsaWEB
- github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9nvdWEB
- github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4nvdWEB
- github.com/python-pillow/Pillow/pull/1706nvdWEB
- security.gentoo.org/glsa/201612-52nvdWEB
News mentions
0No linked articles in our index yet.