Date: Thu, 10 Nov 2016 22:45:44 +0000
From: bugzilla-noreply@freebsd.org
To: python@FreeBSD.org
Subject: [Bug 214412] graphics/py-pillow: Multiple vulnerabilities (CVE-2016-9189, CVE-2016-9190)
Message-ID: <bug-214412-21822@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214412

            Bug ID: 214412
           Summary: graphics/py-pillow: Multiple vulnerabilities
                    (CVE-2016-9189, CVE-2016-9190)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
                OS: Any
            Status: New
          Keywords: needs-patch, security
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: koobs@FreeBSD.org
          Reporter: vlad-fbsd@acheronmedia.com
                CC: ports-secteam@FreeBSD.org, python@FreeBSD.org
             Flags: maintainer-feedback?(koobs@FreeBSD.org)

* http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html

Pillow prior to 3.3.2 may experience integer overflow errors in map.c when
reading specially crafted image files. This may lead to memory disclosure or
corruption.

Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for negative image
sizes in ImagingNew in Storage.c. A negative image size can lead to a smaller
allocation than expected, leading to arbitrary writes.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
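
The two defect classes named in the report, as an added example that is not part of the original message and is not Pillow's code: an image byte count computed in 32-bit arithmetic wraps for negative or oversized dimensions, while a checked version rejects them before allocating. The function names and the INT_MAX cap on total bytes are assumptions of this sketch.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed cap for this sketch: total image bytes must fit in an int. */
#define MAX_IMAGE_BYTES ((uint64_t)INT_MAX)

/* Unchecked pattern: the product is reduced modulo 2^32, so negative or
 * very large dimensions silently produce a small byte count.
 * (Unsigned casts keep the wraparound well defined in C.) */
uint32_t unchecked_bytes32(int xsize, int ysize, int pixelsize) {
    return (uint32_t)xsize * (uint32_t)ysize * (uint32_t)pixelsize;
}

/* Checked pattern: reject negative dimensions, then verify the product
 * cannot exceed the cap before multiplying. Returns 0 and stores the
 * byte count in *out on success, -1 if the request is rejected. */
int checked_image_bytes(int xsize, int ysize, int pixelsize, size_t *out) {
    if (xsize < 0 || ysize < 0 || pixelsize <= 0)
        return -1;                      /* negative image size */
    if (xsize == 0 || ysize == 0) {
        *out = 0;
        return 0;
    }
    /* Both factors are below 2^31, so this product cannot wrap 64 bits. */
    uint64_t linesize = (uint64_t)xsize * (uint64_t)pixelsize;
    if (linesize > MAX_IMAGE_BYTES / (uint64_t)ysize)
        return -1;                      /* total would exceed the cap */
    *out = (size_t)(linesize * (uint64_t)ysize);
    return 0;
}

int main(void) {
    /* Constructed sample dimensions: { xsize, ysize, pixelsize }. */
    int cases[][3] = { {640, 480, 4}, {-1, -16, 4}, {65536, 65536, 4} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        size_t n = 0;
        int rc = checked_image_bytes(cases[i][0], cases[i][1], cases[i][2], &n);
        printf("%d x %d x %d: unchecked=%u checked=%s (%zu)\n",
               cases[i][0], cases[i][1], cases[i][2],
               (unsigned)unchecked_bytes32(cases[i][0], cases[i][1], cases[i][2]),
               rc == 0 ? "ok" : "rejected", n);
    }
    return 0;
}
```
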