Medium severity6.5NVD Advisory· Published Apr 13, 2016· Updated Jun 17, 2026
CVE-2016-2533
CVE-2016-2533
Description
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pillowPyPI | < 3.1.1 | 3.1.1 |
Affected products
8- cpe:2.3:a:python_imaging_project:python_imaging:*:*:*:*:*:*:*:*Range: <=1.1.7
- ghsa-coords4 versionspkg:pypi/pillowpkg:rpm/suse/python-Pillow&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/python-Pillow&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%207
< 3.1.1+ 3 more
- (no CPE)range: < 3.1.1
- (no CPE)range: < 2.8.1-4.9.1
- (no CPE)range: < 2.8.1-3.6.1
- (no CPE)range: < 2.8.1-4.9.1
Patches
Vulnerability mechanics
References
13- github.com/advisories/GHSA-3c5c-7235-994jghsaADVISORY
- github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rstnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2016-2533ghsaADVISORY
- www.debian.org/security/2016/dsa-3499nvdWEB
- www.openwall.com/lists/oss-security/2016/02/02/5nvdWEB
- www.openwall.com/lists/oss-security/2016/02/22/2nvdWEB
- www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlnvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-19.yamlghsaWEB
- github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rstghsaWEB
- github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9nvdWEB
- github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4nvdWEB
- github.com/python-pillow/Pillow/pull/1706nvdWEB
- security.gentoo.org/glsa/201612-52nvdWEB
News mentions
0No linked articles in our index yet.