Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2016-9189

Published: 04/11/2016 Updated: 01/07/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Pillow

Vulnerability Summary

Pillow prior to 3.3.2 allows context-dependent malicious users to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

python pillow

debian debian linux 8.0

Vendor Advisories

Ubuntu Security Notice: python-imaging vulnerabilities
Several security issues were fixed in the Python Imaging Library ...
Ubuntu Security Notice: pillow vulnerabilities
Several security issues were fixed in Pillow ...
Debian Security Advisories: DSA-3710-1 pillow -- security update
Cris Neckar discovered multiple vulnerabilities in Pillow, a Python imaging library, which may result in the execution of arbitrary code or information disclosure if a malformed image file is processed For the stable distribution (jessie), these problems have been fixed in version 261-2+deb8u3 For the testing distribution (stretch), these probl ...
Amazon Linux 2: ALAS-2024-2413
Pillow before 332 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Imagecoremap_buffer in mapc component (CVE-2016-9189) ...
Red Hat: CVE-2016-9189
A memory disclosure vulnerability was found in python-pillow Functions in mapc failed to check for image overflow and check that an offset parameter was within bounds, allowing a crafted image to cause a crash or disclosure of memory ...

References

CWE-190http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.htmlhttps://github.com/python-pillow/Pillow/issues/2105https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0fhttp://www.securityfocus.com/bid/94234http://www.debian.org/security/2016/dsa-3710https://security.gentoo.org/glsa/201612-52https://nvd.nist.govhttps://usn.ubuntu.com/3229-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook