[Bug 214412] graphics/py-pillow: Multiple vulnerabilities (CVE-2016-9189, CVE-2016-9190)

bugzilla-noreply Thu, 10 Nov 2016 14:46:15 -0800

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214412


            Bug ID: 214412
           Summary: graphics/py-pillow: Multiple vulnerabilities
                    (CVE-2016-9189, CVE-2016-9190)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3
                    .2.html
                OS: Any
            Status: New
          Keywords: needs-patch, security
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ko...@freebsd.org
          Reporter: vlad-f...@acheronmedia.com
                CC: ports-sect...@freebsd.org, pyt...@freebsd.org
             Flags: maintainer-feedback?(ko...@freebsd.org)
          Assignee: ko...@freebsd.org

* http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html

Pillow prior to 3.3.2 may experience integer overflow errors in map.c when
reading specially crafted image files. This may lead to memory disclosure or
corruption.

Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for negative image
sizes in ImagingNew in Storage.c. A negative image size can lead to a smaller
allocation than expected, leading to arbitrary writes.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
freebsd-python@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-python
To unsubscribe, send any mail to "freebsd-python-unsubscr...@freebsd.org"

[Bug 214412] graphics/py-pillow: Multiple vulnerabilities (CVE-2016-9189, CVE-2016-9190)

Reply via email to