Pillow -- multiple vulnerabilities

2016-09-06T00:00:00
ID BC4898D5-A794-11E6-B2D3-60A44CE6887B
Type freebsd
Reporter FreeBSD
Modified 2016-09-06T00:00:00

Description

Pillow reports:

Pillow prior to 3.3.2 may experience integer overflow errors in map.c when reading specially crafted image files. This may lead to memory disclosure or corruption. Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for negative image sizes in ImagingNew in Storage.c. A negative image size can lead to a smaller allocation than expected, leading to arbitrary writes.
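The class of defect described above, shown as an added example that is neither Pillow's code nor its actual fix: an unchecked size computation beside one that rejects non-positive dimensions and overflowing products before anything is allocated. The names `naive_image_bytes` and `checked_image_bytes` and the sample dimensions are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of an unchecked size computation whose result is
   truncated to 32 bits. Unsigned 64-bit math keeps the wraparound
   well defined in C for any input. */
static uint32_t naive_image_bytes(int xsize, int ysize, int pixelsize)
{
    uint64_t p = (uint64_t)(int64_t)xsize * (uint64_t)(int64_t)ysize
               * (uint64_t)(int64_t)pixelsize;
    return (uint32_t)p;
}

/* Hypothetical hardened form: returns 0 and stores the byte count in
   *out, or returns -1 if the dimensions must be rejected. */
static int checked_image_bytes(int xsize, int ysize, int pixelsize,
                               size_t *out)
{
    /* Negative or zero sizes are never valid image dimensions. */
    if (xsize <= 0 || ysize <= 0 || pixelsize <= 0)
        return -1;
    /* Bytes per row must fit in an int. */
    if (xsize > INT_MAX / pixelsize)
        return -1;
    size_t linesize = (size_t)xsize * (size_t)pixelsize;
    /* The total must fit in size_t before it reaches an allocator. */
    if ((size_t)ysize > SIZE_MAX / linesize)
        return -1;
    *out = linesize * (size_t)ysize;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed inputs: two negative sizes multiply to a small
       positive count; large sizes wrap to zero in 32 bits. */
    printf("naive(-1,-4,4)        = %u\n", naive_image_bytes(-1, -4, 4));
    printf("naive(65536,65536,4)  = %u\n", naive_image_bytes(65536, 65536, 4));
    printf("checked(-1,-4,4)      = %d\n", checked_image_bytes(-1, -4, 4, &n));
    if (checked_image_bytes(640, 480, 4, &n) == 0)
        printf("checked(640,480,4)    = %zu bytes\n", n);
    return 0;
}
```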