Errata ID | 337 |
---|---|
Date | 2016-12-01 |
Source package | python-imaging |
Fixed in version | 1.1.7-4.15.201611102035 |
Description | This update addresses the following issue(s): * Execution of arbitrary code due to buffer overflow in FliDecode.c (CVE-2016-0775) * Remote denial of service (crash) via a crafted PhotoCD file due to buffer overflow in the ImagingPcdDecode function in PcdDecode.c (CVE-2016-2533) * Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component (CVE-2016-9189) * Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component (CVE-2016-9190) |
Additional notes | |
CVE ID | CVE-2016-0775, CVE-2016-2533, CVE-2016-9189, CVE-2016-9190 |
UCS Bug number | #37067 |