Описание
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 4.0.0-4 |
| esm-infra-legacy/trusty | released | 2.3.0-1ubuntu3.4 |
| esm-infra/xenial | released | 3.1.2-0ubuntu1.1 |
| precise | DNE | |
| trusty | released | 2.3.0-1ubuntu3.4 |
| trusty/esm | released | 2.3.0-1ubuntu3.4 |
| upstream | released | 3.3.2 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 3.1.2-0ubuntu1.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | released | 1.1.7-4ubuntu0.12.04.3 |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | DNE | |
| yakkety | DNE |
Показывать по
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
Pillow before 3.3.2 allows context-dependent attackers to execute arbi ...
Arbitrary code using "crafted image file" approach affecting Pillow
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3