VDB
DEBIAN-CVE-2016-9190
DEBIAN-CVE-2016-9190
PUBLISHED
CVSS 7.800000190734863 HIGH
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
Risk Scores
CVSS v3.0
7.800000190734863
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | pillow | 0, 0, 0 |
| Debian:13 | pillow | 0, 0, 0 |
| Debian:14 | pillow | 0, 0, 0 |
| Debian:12 | pillow | 0, 0, 0 |
Timeline
- Nov 4, 2016 CVE Published
- Apr 28, 2026 CVE Updated