CVE-2016-4009

CRITICAL

Pillow <3.1.1 - Buffer Overflow

Title source: llm

Description

Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.

References (5)

[Patch, Vendor Advisory] https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst

[Patch] https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e

[Patch] https://github.com/python-pillow/Pillow/pull/1714

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/86064

[Third Party Advisory] https://security.gentoo.org/glsa/201612-52

Scores

CVSS v3 9.8

EPSS 0.0526

EPSS Percentile 89.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-119

Status draft

Affected Products (2)

python/pillow < 3.1.0

pypi/pillow < 3.1.1PyPI

Timeline

Published Apr 13, 2016

Tracked Since Feb 18, 2026