Bugzilla – Bug 1008845
VUL-0: CVE-2016-9189: python-pillow: Integer overflows leading to memory disclosure in PyImaging_MapBuffer (Map.c)
Last modified: 2020-04-30 15:12:38 UTC
rh#1382000

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1382000
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9189
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9189.html
http://www.cvedetails.com/cve/CVE-2016-9189/
https://github.com/python-pillow/Pillow/issues/2105
http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
bugbot adjusting priority
Submissions sent to Cloud 7 and SES 5.
SUSE-SU-2019:1321-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1008845,1008846,973786
CVE References: CVE-2016-3076,CVE-2016-9189,CVE-2016-9190
Sources used:
SUSE Enterprise Storage 5 (src): python-Pillow-2.8.1-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:1772-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1008845
CVE References: CVE-2016-9189
Sources used:
SUSE OpenStack Cloud 7 (src): python-Pillow-2.8.1-4.6.1
SUSE Enterprise Storage 4 (src): python-Pillow-2.8.1-4.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done