vulnerability

FreeBSD: py-pillow -- Integer overflow in Resample.c

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:C/I:N/A:C)	Feb 5, 2016	Feb 12, 2016	Feb 19, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:C)

Published

Feb 5, 2016

Added

Feb 12, 2016

Modified

Feb 19, 2025

Description

The Pillow maintainers report:

If a large value was passed into the new size for an image, it is
possible to overflow an int32 value passed into malloc, leading the
malloc’d buffer to be undersized. These allocations are followed by
a loop that writes out of bounds. This can lead to corruption on
the heap of the Python process with attacker controlled float
data.
This issue was found by Ned Williamson.

Solution

freebsd-upgrade-package-py27-pillow

References

URL-https://github.com/python-pillow/Pillow/commit/41fae6d9e2da741d2c5464775c7f1a609ea03798
URL-https://github.com/python-pillow/Pillow/issues/1710

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today