Lucene search
Gentoo FoundationGLSA-201612-52HistoryDec 31, 2016 - 12:00 a.m.
Pillow: Multiple vulnerabilities
2016-12-3100:00:00
Gentoo Foundation
security.gentoo.org
36
0.073 Low
EPSS
Percentile
94.0%
Background
The friendly PIL fork.
Description
Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details.
Impact
A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application, or obtain sensitive information.
A remote attackers could execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Pillow users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/pillow-3.4.2"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | dev-python/pillow | <Â 3.4.2 | UNKNOWN |
Related
nessus
nessus
GLSA-201612-52 : Pillow: Multiple vulnerabilities
2017-01-03 00:00:00
EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2019-2226)
2019-11-08 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2019-2226)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2020-1244)
2020-03-13 00:00:00
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2019-2654)
2020-01-23 00:00:00
debian
debian
[SECURITY] [DSA 3499-1] pillow security update
2016-02-28 22:15:04
[SECURITY] [DLA 705-1] python-imaging security update
2016-11-07 16:15:29
[SECURITY] [DSA 3710-1] pillow security update
2016-11-10 22:11:23
freebsd
freebsd
Pillow -- multiple vulnerabilities
2016-09-06 00:00:00
py-pillow -- Buffer overflow in TIFF decoding code
2016-02-04 00:00:00
py-imaging, py-pillow -- Buffer overflow in FLI decoding code
2016-02-05 00:00:00
mageia
mageia
Updated python-pillow packages fix security vulnerabilities
2016-11-17 19:37:05
Updated python-pillow packages fix insecure use of temporary files
2014-04-03 19:18:48
Updated python-imaging package fixes insecure use of temporary files
2014-04-03 19:18:48
securityvulns
securityvulns
Python Imaging Library security vulnerabilities
2014-05-04 00:00:00
[USN-2168-1] Python Imaging Library vulnerabilities
2014-05-04 00:00:00
pillow multiple security vulnerabilities
2015-04-19 00:00:00
ubuntu
ubuntu
Python Imaging Library vulnerabilities
2014-04-15 00:00:00
Pillow vulnerabilities
2017-03-13 00:00:00
Python Imaging Library vulnerabilities
2017-03-13 00:00:00
ubuntucve
ubuntucve
fedora
fedora
[SECURITY] Fedora 23 Update: python-pillow-3.0.0-2.fc23
2016-02-09 20:55:54
[SECURITY] Fedora 22 Update: python-pillow-2.8.2-4.fc22
2016-02-21 02:28:07
[SECURITY] Fedora 20 Update: python-pillow-2.2.1-7.fc20
2014-11-22 12:39:31
osv
osv
python-imaging - security update
2016-02-21 00:00:00
Pillow Integer overflow in Map.c
2018-07-24 20:08:27
Arbitrary code using "crafted image file" approach affecting Pillow
2018-07-12 14:45:42
amazon
amazon
Important: python-pillow
2023-09-27 22:49:00
Medium: python-pillow
2024-01-03 21:05:00
Medium: python-imaging
2023-07-13 23:57:00
cve
cve
cvelist
cvelist
prion
prion
Integer overflow
2016-11-04 10:59:00
Code injection
2016-11-04 10:59:00
Command injection
2014-04-17 14:55:00
debiancve
debiancve
github
github
Arbitrary code using "crafted image file" approach affecting Pillow
2018-07-12 14:45:42
Pillow Integer overflow in Map.c
2018-07-24 20:08:27
Pillow Temporary file name leakage
2020-05-18 17:41:19
redhatcve
redhatcve
CVE-2016-9189
2016-11-07 09:47:15
CVE-2016-9190
2016-11-07 09:17:30
f5
f5
K67317871 : Python Pillow vulnerability CVE 2016-4009
2017-01-27 00:00:00
veracode
veracode
Integer Overflow
2017-05-16 03:23:08
threatpost
threatpost
Popular Android App Leaks Microsoft Exchange User Credentials
2016-10-14 08:00:37
rosalinux
rosalinux
Advisory ROSA-SA-2021-1957
2021-07-02 18:03:40