vulnerability
FreeBSD: VID-0519db18-cf15-11e5-805c-5453ed2e2b49: py-pillow -- Integer overflow in Resample.c
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:N/I:C/A:C) | Feb 9, 2016 | Feb 12, 2016 | Dec 10, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:C)
Published
Feb 9, 2016
Added
Feb 12, 2016
Modified
Dec 10, 2025
Description
The Pillow maintainers report: If a large value was passed into the new size for an image, it is possible to overflow an int32 value passed into malloc, leading the malloc’d buffer to be undersized. These allocations are followed by a loop that writes out of bounds. This can lead to corruption on the heap of the Python process with attacker controlled float data. This issue was found by Ned Williamson.
Solutions
freebsd-upgrade-package-py27-pillowfreebsd-upgrade-package-py33-pillowfreebsd-upgrade-package-py34-pillowfreebsd-upgrade-package-py35-pillow
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.