PYSEC-2016-7 — Vulnetix

PYSEC-2016-7 PUBLISHED CVSS 9.300000190734863 CRITICAL

Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
PyPI	pillow	0, 0, 1.0

Timeline

Apr 13, 2016 CVE Published
Nov 8, 2023 CVE Updated
May 1, 2026 Security Advisory

References

https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst url
http://www.securityfocus.com/bid/86064 url
https://github.com/advisories/GHSA-hvr8-466p-75rh advisory
https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e fix
https://github.com/python-pillow/Pillow/pull/1714 fix
https://security.gentoo.org/glsa/201612-52 advisory

Open in Interactive Console →