FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
bc4898d5-a794-11e6-b2d3-60a44ce6887b	Pillow -- multiple vulnerabilities Pillow reports: Pillow prior to 3.3.2 may experience integer overflow errors in map.c when reading specially crafted image files. This may lead to memory disclosure or corruption. Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for negative image sizes in ImagingNew in Storage.c. A negative image size can lead to a smaller allocation than expected, leading to arbi trary writes. Discovery 2016-09-06 Entry 2016-12-04 py27-pillow py33-pillow py34-pillow py35-pillow < 3.3.2 http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html https://github.com/python-pillow/Pillow/issues/2105 CVE-2016-9189 CVE-2016-9190 ports/214410

VuXML ID

Description

bc4898d5-a794-11e6-b2d3-60a44ce6887b

Pillow -- multiple vulnerabilities

Pillow reports:

Pillow prior to 3.3.2 may experience integer overflow errors in map.c when reading specially crafted image files. This may lead to memory disclosure or corruption.

Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for negative image sizes in ImagingNew in Storage.c. A negative image size can lead to a smaller allocation than expected, leading to arbi trary writes.

Discovery 2016-09-06
Entry 2016-12-04
py27-pillow
py33-pillow
py34-pillow
py35-pillow

< 3.3.2

http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
https://github.com/python-pillow/Pillow/issues/2105
CVE-2016-9189
CVE-2016-9190
ports/214410