Vulnerability Description
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Python | Pillow | <= 3.3.1 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.htmlVendor Advisory
- http://www.debian.org/security/2016/dsa-3710Third Party Advisory
- http://www.securityfocus.com/bid/94234Third Party AdvisoryVDB Entry
- https://github.com/python-pillow/Pillow/issues/2105Issue TrackingPatchThird Party Advisory
- https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca5Issue TrackingPatchThird Party Advisory
- https://security.gentoo.org/glsa/201612-52
- http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.htmlVendor Advisory
- http://www.debian.org/security/2016/dsa-3710Third Party Advisory
- http://www.securityfocus.com/bid/94234Third Party AdvisoryVDB Entry
- https://github.com/python-pillow/Pillow/issues/2105Issue TrackingPatchThird Party Advisory
- https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca5Issue TrackingPatchThird Party Advisory
- https://security.gentoo.org/glsa/201612-52
FAQ
What is CVE-2016-9189?
CVE-2016-9189 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_b...
How severe is CVE-2016-9189?
CVE-2016-9189 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9189?
Check the references section above for vendor advisories and patch information. Affected products include: Python Pillow, Debian Debian Linux.