Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2016-9190

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. (CVE-2016-9190)

Source

ALAS-2023-1787

Amazon Linux AMI Security Advisory: ALAS-2023-1787
Advisory Release Date: 2023-07-13 23:57 Pacific
Advisory Updated Date: 2023-07-19 21:51 Pacific

Severity: Medium

References: CVE-2016-9190
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. (CVE-2016-9190)

Affected Packages:

python-imaging

Issue Correction:
Run yum update python-imaging to update your system.

New Packages:

i686:
    python27-imaging-1.1.6-19.10.amzn1.i686
    python27-imaging-devel-1.1.6-19.10.amzn1.i686
    python26-imaging-1.1.6-19.10.amzn1.i686
    python-imaging-debuginfo-1.1.6-19.10.amzn1.i686
    python26-imaging-devel-1.1.6-19.10.amzn1.i686

src:
    python-imaging-1.1.6-19.10.amzn1.src

x86_64:
    python26-imaging-devel-1.1.6-19.10.amzn1.x86_64
    python26-imaging-1.1.6-19.10.amzn1.x86_64
    python-imaging-debuginfo-1.1.6-19.10.amzn1.x86_64
    python27-imaging-devel-1.1.6-19.10.amzn1.x86_64
    python27-imaging-1.1.6-19.10.amzn1.x86_64

Additional References

Red Hat: CVE-2016-9190

Mitre: CVE-2016-9190

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS-2023-1787

ALAS-2023-1787

Additional References

Vulmon Search

About

Products

Connect