Bug 214412 - graphics/py-pillow: Multiple vulnerabilities (CVE-2016-9189, CVE-2016-9190)
Summary: graphics/py-pillow: Multiple vulnerabilities (CVE-2016-9189, CVE-2016-9190)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Kubilay Kocak
URL: http://pillow.readthedocs.io/en/3.4.x...
Keywords: needs-patch, security
Duplicates: 214415
Depends on: 214410 215615
Blocks:
Reported: 2016-11-10 22:45 UTC by VK
Modified: 2017-01-09 18:09 UTC

See Also:
bugzilla: maintainer-feedback? (koobs)


Attachments

Description VK 2016-11-10 22:45:44 UTC
* http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html

Pillow prior to 3.3.2 may experience integer overflow errors in map.c when reading specially crafted image files. This may lead to memory disclosure or corruption.

Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for negative image sizes in ImagingNew in Storage.c. A negative image size can lead to a smaller allocation than expected, leading to arbitrary writes.
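
The two checks the report describes, shown as an added example written for this page in C; it is not Pillow's Storage.c code, and PIXEL_BYTES and the function names are assumptions. The unchecked model uses 32-bit unsigned arithmetic so the wraparound is well defined.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* Bytes per pixel for a 4-channel image; a constant chosen for this
 * example, not a value taken from Pillow. */
#define PIXEL_BYTES 4u

/* Model of the unchecked pattern: dimensions arrive from the file as
 * signed ints and are multiplied in 32-bit arithmetic.  Unsigned
 * wraparound is used so the result is well defined; it reproduces both
 * failure modes in the report: a negative size is silently reinterpreted,
 * and a large product wraps to far fewer bytes than the pixels need. */
uint32_t unchecked_image_bytes(int xsize, int ysize) {
    uint32_t linesize = (uint32_t)xsize * PIXEL_BYTES;
    return linesize * (uint32_t)ysize;
}

/* Hardened version: reject negative dimensions first, then compute the
 * byte count in size_t with an explicit overflow check before anything
 * reaches an allocator.  Returns 1 and stores the size on success, 0 on
 * any rejected input (*out is left untouched). */
int checked_image_bytes(int xsize, int ysize, size_t *out) {
    if (xsize < 0 || ysize < 0)
        return 0;                                   /* bad image size */
    size_t w = (size_t)xsize, h = (size_t)ysize;
    if (w != 0 && PIXEL_BYTES > SIZE_MAX / w)       /* linesize overflow */
        return 0;
    size_t linesize = w * PIXEL_BYTES;
    if (linesize != 0 && h > SIZE_MAX / linesize)   /* total overflow */
        return 0;
    *out = linesize * h;
    return 1;
}

/* Allocate pixel storage only for dimensions that pass the check; a
 * legitimately empty image still gets one byte so calloc(0, ...) cannot
 * be mistaken for an allocation failure. */
void *alloc_image_block(int xsize, int ysize) {
    size_t bytes;
    if (!checked_image_bytes(xsize, ysize, &bytes))
        return NULL;
    return calloc(bytes ? bytes : 1, 1);
}
```
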
Comment 1 VK 2016-11-10 22:50:32 UTC
* Commit that fixed upstream:
  https://github.com/python-pillow/Pillow/pull/2146
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2016-11-11 01:40:11 UTC
*** Bug 214415 has been marked as a duplicate of this bug. ***
Comment 3 Mark Felder freebsd_committer freebsd_triage 2016-12-05 00:11:34 UTC
Updating seems to require some work. vuxml has landed, though.
Comment 4 VK 2017-01-09 18:09:09 UTC
Fixed with upgrade to 3.4.2; please see bug #215615 and revision 430992.

* https://svnweb.freebsd.org/changeset/ports/430992