https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214412
Bug ID: 214412
Summary: graphics/py-pillow: Multiple vulnerabilities (CVE-2016-9189, CVE-2016-9190)
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
OS: Any
Status: New
Keywords: needs-patch, security
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: ko...@freebsd.org
Reporter: vlad-f...@acheronmedia.com
CC: ports-sect...@freebsd.org, pyt...@freebsd.org
Flags: maintainer-feedback?(ko...@freebsd.org)

* http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html

Pillow prior to 3.3.2 may experience integer overflow errors in map.c when reading specially crafted image files. This may lead to memory disclosure or corruption.

Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for negative image sizes in ImagingNew in Storage.c. A negative image size can lead to a smaller allocation than expected, leading to arbitrary writes.
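The class of check both advisories call for, as an added example that is not part of the original report and is not Pillow's source: an unvalidated size computation beside a version that rejects negative dimensions and overflowing products before allocation. The function names, the 32-bit wraparound model and the sample dimensions are assumptions made for the illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical unchecked size computation (not Pillow's source): dimensions
 * arrive as int and are multiplied with no validation. The math is done in
 * uint32_t so the 32-bit wraparound is well defined in this demo. */
static size_t unchecked_image_bytes(int xsize, int ysize, int pixelsize)
{
    uint32_t n = (uint32_t)xsize * (uint32_t)ysize * (uint32_t)pixelsize;
    return (size_t)n;
}

/* Hardened form: reject negative dimensions and any product that overflows
 * before an allocator sees the size. Returns 0 and sets *out, or -1. */
static int checked_image_bytes(int xsize, int ysize, int pixelsize, size_t *out)
{
    if (xsize < 0 || ysize < 0 || pixelsize <= 0)
        return -1;
    if (xsize > INT_MAX / pixelsize)      /* row length must fit in int */
        return -1;
    size_t linesize = (size_t)xsize * (size_t)pixelsize;
    if (linesize != 0 && (size_t)ysize > SIZE_MAX / linesize)
        return -1;
    *out = linesize * (size_t)ysize;
    return 0;
}

int main(void)
{
    /* Constructed sample header values, not taken from any real file. */
    int bad_x = -1073741823, y = 1, px = 4;
    size_t n = 0;

    printf("unchecked: %zu bytes for xsize=%d\n",
           unchecked_image_bytes(bad_x, y, px), bad_x);
    printf("checked:   %s\n",
           checked_image_bytes(bad_x, y, px, &n) == 0 ? "accepted" : "rejected");
    if (checked_image_bytes(640, 480, 4, &n) == 0)
        printf("checked:   640x480x4 -> %zu bytes\n", n);
    return 0;
}
```

The negative width wraps to a 4-byte request in the unchecked path, which is the "smaller allocation than expected" condition the report describes; the checked path refuses it outright.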