Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Ubuntu 23.10 USN-6744-1 Critical: Pillow Buffer Overflow Exploit

ubuntu
Calendar Grey April 22, 2024
Dist Ubuntu Esm H88
A vulnerability in the Pillow library for Ubuntu presents risks that may lead to system crashes or arbitrary code execution. Immediate action is advised to update any impacted software.
Pillow could be made to crash or run programs as an administrator if it opened a specially crafted file.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro) Summary: Pillow could be made to crash or run programs as an administrator if it opened a specially crafted file. Software Description: - pillow: Python Imaging Library Details: Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Topics%20covered

Topics Covered

security advisory moderate denial of service buffer overflow ubuntu pillow

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: python3-pil 10.0.0-1ubuntu0.2 Ubuntu 22.04 LTS: python3-pil 9.0.1-1ubuntu0.3 Ubuntu 20.04 LTS: python3-pil 7.0.0-4ubuntu0.9 Ubuntu 18.04 LTS (Available with Ubuntu Pro): python-pil 5.1.0-1ubuntu0.8+esm1 python3-pil 5.1.0-1ubuntu0.8+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): python-pil 3.1.2-0ubuntu1.6+esm2 python3-pil 3.1.2-0ubuntu1.6+esm2 Ubuntu 14.04 LTS (Available with Ubuntu Pro): python-pil 2.3.0-1ubuntu3.4+esm4 python3-pil 2.3.0-1ubuntu3.4+esm4 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6744-1

CVE-2024-28219

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6744-1

Topics%20covered

Topics Covered

security advisory moderate denial of service buffer overflow ubuntu pillow

Package Information

https://launchpad.net/ubuntu/+source/pillow/10.0.0-1ubuntu0.2 https://launchpad.net/ubuntu/+source/pillow/9.0.1-1ubuntu0.3 https://launchpad.net/ubuntu/+source/pillow/7.0.0-4ubuntu0.9

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here