Pillow -- multiple vulnerabilities

ID BC4898D5-A794-11E6-B2D3-60A44CE6887B
Type freebsd
Reporter FreeBSD
Modified 2016-09-06T00:00:00


Pillow reports:

Pillow prior to 3.3.2 may experience integer overflow errors in map.c when reading specially crafted image files. This may lead to memory disclosure or corruption. Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for negative image sizes in ImagingNew in Storage.c. A negative image size can lead to a smaller allocation than expected, leading to arbitrary writes.
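
The two missing checks described above (negative dimensions and overflow in the size arithmetic), sketched as an added example; this is not Pillow's code and not part of the advisory. The function names, the `max_bytes` policy cap and the sample dimensions are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not Pillow's API): validate image dimensions before
 * allocating. Rejects negative sizes and any xsize * ysize * pixelsize that
 * would exceed max_bytes, using division so the multiplication never wraps.
 * Returns 0 and stores the byte count in *out, or -1 on rejection. */
int checked_image_bytes(int xsize, int ysize, int pixelsize,
                        size_t max_bytes, size_t *out)
{
    if (xsize < 0 || ysize < 0 || pixelsize <= 0)
        return -1;                        /* negative image size */
    size_t row = (size_t)xsize;
    if (row > max_bytes / (size_t)pixelsize)
        return -1;                        /* row length too large */
    row *= (size_t)pixelsize;
    if (ysize != 0 && row > max_bytes / (size_t)ysize)
        return -1;                        /* total size too large */
    *out = row * (size_t)ysize;
    return 0;
}

/* The unchecked pattern, for contrast: 32-bit arithmetic wraps silently,
 * so the computed size can be far smaller than the image really needs. */
uint32_t unchecked_image_bytes(int xsize, int ysize, int pixelsize)
{
    return (uint32_t)xsize * (uint32_t)ysize * (uint32_t)pixelsize;
}

int main(void)
{
    size_t n = 0;
    size_t cap = (size_t)1 << 30;         /* constructed 1 GiB policy cap */

    /* Constructed sample dimensions. */
    printf("640x480x4   -> rc=%d bytes=%zu\n",
           checked_image_bytes(640, 480, 4, cap, &n), n);
    printf("-1x480x4    -> rc=%d\n",
           checked_image_bytes(-1, 480, 4, cap, &n));
    printf("65536^2 x4  -> rc=%d (unchecked computes %u bytes)\n",
           checked_image_bytes(65536, 65536, 4, cap, &n),
           (unsigned)unchecked_image_bytes(65536, 65536, 4));
    return 0;
}
```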