CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9189
https://notcve.org/view.php?id=CVE-2016-9189
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. Pillow en versiones anteriores a 3.3.2 permite a atacantes dependientes de contexto obtener información sensible utilizando la aproximación "archivo de imagen manipulado", relacionado con un problema "Integer Overflow" que afecta a Image.core.map_buffer en el componente map.c. • http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html http://www.debian.org/security/2016/dsa-3710 http://www.securityfocus.com/bid/94234 https://github.com/python-pillow/Pillow/issues/2105 https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f https://security.gentoo.org/glsa/201612-52 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9190
https://notcve.org/view.php?id=CVE-2016-9190
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. Pillow en versiones anteriores a 3.3.2 permite a atacantes dependientes de contexto ejecutar código arbitrario utilizando la aproximación "archivo de imagen manipulado", relacionado con un problema "Insecure Sign Extension" que afecta a ImagingNew en el componente Storage.c. • http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html http://www.debian.org/security/2016/dsa-3710 http://www.securityfocus.com/bid/94234 https://github.com/python-pillow/Pillow/issues/2105 https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af https://security.gentoo.org/glsa/201612-52 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2016-4009
https://notcve.org/view.php?id=CVE-2016-4009
Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. Desbordamiento de entero en la función ImagengResampleHorizontal en libImaging/Resample.c en Pillow en versiones anteriores a 3.1.1 permite a atacantes remotos tener un impacto no especificado a través de valores negativos del tamaño nuevo, lo que desencadena un desbordamiento de buffer basado en memoria dinámica. • http://www.securityfocus.com/bid/86064 https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e https://github.com/python-pillow/Pillow/pull/1714 https://security.gentoo.org/glsa/201612-52 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0740
https://notcve.org/view.php?id=CVE-2016-0740
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. Desbordamiento de buffer en la función ImagengLibTiffDecode en libImageng/TiffDecode.c en Pillow en versiones anteriores a 3.1.1 permite a atacantes remotos sobrescribir memoria a través de un archivo TIFF manipulado. • http://www.debian.org/security/2016/dsa-3499 https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e https://security.gentoo.org/glsa/201612-52 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-0775
https://notcve.org/view.php?id=CVE-2016-0775
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. Desbordamiento de buffer en la función ImagingFliDecode en libImageng/FliDecode.c en Pillow en versiones anteriores a 3.1.1 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo FLI manipulado. • http://www.debian.org/security/2016/dsa-3499 https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b https://security.gentoo.org/glsa/201612-52 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •