Errata ID | 27 |
---|---|
Date | 2016-12-14 |
Source package | python-imaging |
Fixed in version | 1.1.7-4~ucs3.3.16.201611171204 |
Description | This update addresses the following issue(s):<br>* PIL/IcnsImagePlugin.py allows remote attackers to cause a denial of service via a crafted block size (CVE-2014-3589)<br>* Execution of arbitrary code due to buffer overflow in FliDecode.c (CVE-2016-0775)<br>* Remote denial of service (crash) via a crafted PhotoCD file due to buffer overflow in the ImagingPcdDecode function in PcdDecode.c (CVE-2016-2533)<br>* Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component (CVE-2016-9189)<br>* Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component (CVE-2016-9190) |
Additional notes | |
CVE ID | CVE-2014-3589, CVE-2016-0775, CVE-2016-2533, CVE-2016-9189, CVE-2016-9190 |
UCS Bug number | #42900 |