Debian Security Advisory

DLA-422-1 python-imaging -- LTS security update

Date Reported: 21 Feb 2016
Affected Packages: python-imaging
Vulnerable: Yes
Security database references:
  In the Debian bugtracking system: Bug 813909.
  In Mitre's CVE dictionary: CVE-2016-0775.
More information:

Two buffer overflows were discovered in python-imaging, a Python library for loading and manipulating image files, which may lead to the execution of arbitrary code.

The second buffer overflow was in PcdDecode.c. A CVE identifier has not been assigned yet.

For Debian 6 Squeeze, these problems have been fixed in version 1.1.7-2+deb6u2.

We recommend that you upgrade your python-imaging packages.