CVE-2016-9189

Опубликовано: 04 нояб. 2016

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.

Ссылки

http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
Vendor Advisory
http://www.debian.org/security/2016/dsa-3710
Third Party Advisory
http://www.securityfocus.com/bid/94234
Third Party Advisory
VDB Entry
https://github.com/python-pillow/Pillow/issues/2105
Issue Tracking
Patch
Third Party Advisory
https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
Issue Tracking
Patch
Third Party Advisory
https://security.gentoo.org/glsa/201612-52
http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
Vendor Advisory
http://www.debian.org/security/2016/dsa-3710
Third Party Advisory
http://www.securityfocus.com/bid/94234
Third Party Advisory
VDB Entry
https://github.com/python-pillow/Pillow/issues/2105
Issue Tracking
Patch
Third Party Advisory
https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
Issue Tracking
Patch
Third Party Advisory
https://security.gentoo.org/glsa/201612-52

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*

Версия до 3.3.1 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00358

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2016-9189

CVSS3: 5.5

ubuntu

больше 9 лет назад

CVE-2016-9189

CVSS3: 6.5

redhat

больше 9 лет назад

CVE-2016-9189

CVSS3: 5.5

debian

больше 9 лет назад

Pillow before 3.3.2 allows context-dependent attackers to obtain sensi ...

GHSA-rwr3-c2q8-gm56

CVSS3: 5.5

github

больше 7 лет назад

Pillow Integer overflow in Map.c

EPSS

Процентиль: 57%

0.00358

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-190