vulnerability

FreeBSD: VID-bc4898d5-a794-11e6-b2d3-60a44ce6887b (CVE-2016-9190): Pillow -- multiple vulnerabilities

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: Dec 4, 2016
Added: Dec 4, 2016
Modified: Dec 10, 2025

Description

Pillow reports: Pillow prior to 3.3.2 may experience integer overflow errors in map.c when reading specially crafted image files. This may lead to memory disclosure or corruption. Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for negative image sizes in ImagingNew in Storage.c. A negative image size can lead to a smaller allocation than expected, leading to arbitrary writes.

Solutions

freebsd-upgrade-package-py27-pillow
freebsd-upgrade-package-py33-pillow
freebsd-upgrade-package-py34-pillow
freebsd-upgrade-package-py35-pillow