CVE-2016-4009Improper Restriction of Operations within the Bounds of a Memory Buffer in Pillow

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-190Integer Overflow or Wraparound10 documents8 sources
Severity
9.8CRITICALNVD
EPSS
5.3%
top 9.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Python Pillow
Timeline
PublishedApr 13
Latest updateNov 16

Description

Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

PyPIpython/pillow< 3.1.1
Debianpython/pillow< 3.1.1-1+3
NVDpython/pillow3.1.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
Pillow Integer overflow in ImagingResampleHorizontal2018-07-24
OSV
Pillow Integer overflow in ImagingResampleHorizontal2018-07-24
CVEList
CVE-2016-4009: Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample2016-04-13
OSV
CVE-2016-4009: Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample2016-04-13

📋Vendor Advisories

2
Red Hat
python-pillow: integer overflow in the ImagingResampleHorizontal function2016-04-14
Debian
CVE-2016-4009: pillow - Integer overflow in the ImagingResampleHorizontal function in libImaging/Resampl...2016

📄Research Papers

1
arXiv
An Empirical Analysis of Vulnerabilities in Python Packages for Web Applications2018-11-16

💬Community

2
Bugzilla
CVE-2016-4009 python-pillow: integer overflow in the ImagingResampleHorizontal function2016-04-14
Bugzilla
CVE-2016-4009 python-pillow: integer overflow in the ImagingResampleHorizontal function [fedora-all]2016-04-14
CVE-2016-4009 — Python Pillow vulnerability | cvebase