CVE-2016-0740 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-0740 Interim 1 16 2022-10-15T16:46:42Z current 2021-05-30T13:37:10Z 2022-10-15T16:46:42Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-0740 Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2016-March/001976.html E-Mail link for SUSE-SU-2016:0924-1 https://lists.suse.com/pipermail/sle-security-updates/2016-April/001978.html E-Mail link for SUSE-SU-2016:0935-1 https://lists.suse.com/pipermail/sle-security-updates/2016-May/002073.html E-Mail link for SUSE-SU-2016:1355-1 https://lists.suse.com/pipermail/sle-security-updates/2016-June/002113.html E-Mail link for SUSE-SU-2016:1569-1 https://lists.opensuse.org/opensuse-updates/2016-03/msg00055.html E-Mail link for openSUSE-SU-2016:0762-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 1.0 SUSE Enterprise Storage 2 SUSE Enterprise Storage 2.1 SUSE OpenStack Cloud 5 SUSE OpenStack Cloud 6 openSUSE Leap 15.2 openSUSE Tumbleweed python-Pillow-2.7.0-3.1 python-Pillow-2.7.0-3.2 python-Pillow-2.7.0-7.1 python-Pillow-2.7.0-9.1 python-Pillow-3.1.1-4.1 python-Pillow-tk-3.1.1-4.1 python2-Pillow-5.0.0-lp152.4.1 python3-Pillow-3.4.2-1.1 python3-Pillow-5.0.0-lp152.4.1 python3-Pillow-tk-3.4.2-1.1 python36-Pillow-8.3.2-1.2 python36-Pillow-tk-8.3.2-1.2 python38-Pillow-8.3.2-1.2 python38-Pillow-tk-8.3.2-1.2 python39-Pillow-8.3.2-1.2 python39-Pillow-tk-8.3.2-1.2 python-Pillow-2.7.0-7.1 as a component of SUSE Enterprise Storage 1.0 python-Pillow-2.7.0-3.2 as a component of SUSE Enterprise Storage 2 python-Pillow-2.7.0-3.1 as a component of SUSE Enterprise Storage 2.1 python-Pillow-2.7.0-9.1 as a component of SUSE OpenStack Cloud 5 python-Pillow-2.7.0-3.1 as a component of SUSE OpenStack Cloud 6 python2-Pillow-5.0.0-lp152.4.1 as a component of openSUSE Leap 15.2 python3-Pillow-5.0.0-lp152.4.1 as a component of openSUSE Leap 15.2 python-Pillow-3.1.1-4.1 as a component of openSUSE Tumbleweed python-Pillow-tk-3.1.1-4.1 as a component of openSUSE Tumbleweed python3-Pillow-3.4.2-1.1 as a component of openSUSE Tumbleweed python3-Pillow-tk-3.4.2-1.1 as a component of openSUSE Tumbleweed python36-Pillow-8.3.2-1.2 as a component of openSUSE Tumbleweed python36-Pillow-tk-8.3.2-1.2 as a component of openSUSE Tumbleweed python38-Pillow-8.3.2-1.2 as a component of openSUSE Tumbleweed python38-Pillow-tk-8.3.2-1.2 as a component of openSUSE Tumbleweed python39-Pillow-8.3.2-1.2 as a component of openSUSE Tumbleweed python39-Pillow-tk-8.3.2-1.2 as a component of openSUSE Tumbleweed Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. CVE-2016-0740 SUSE Enterprise Storage 1.0:python-Pillow-2.7.0-7.1 SUSE Enterprise Storage 2:python-Pillow-2.7.0-3.2 SUSE Enterprise Storage 2.1:python-Pillow-2.7.0-3.1 SUSE OpenStack Cloud 5:python-Pillow-2.7.0-9.1 SUSE OpenStack Cloud 6:python-Pillow-2.7.0-3.1 openSUSE Leap 15.2:python2-Pillow-5.0.0-lp152.4.1 openSUSE Leap 15.2:python3-Pillow-5.0.0-lp152.4.1 openSUSE Tumbleweed:python-Pillow-3.1.1-4.1 openSUSE Tumbleweed:python-Pillow-tk-3.1.1-4.1 openSUSE Tumbleweed:python3-Pillow-3.4.2-1.1 openSUSE Tumbleweed:python3-Pillow-tk-3.4.2-1.1 openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2 openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2 openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2 openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2 openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2 openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N