CVE-2016-9190
Python Imaging allows context-dependent attackers to execute arbitrary code
by using the "crafted image file" approach, related to an "Insecure Sign
Extension" issue affecting the ImagingNew in Storage.c component.
Code changes based on those found upstream for Pillow at:
for:
--- Imaging-1.1.7/libImaging/Storage.c.orig 2016-11-21 07:38:52.301251099 +0000
+++ Imaging-1.1.7/libImaging/Storage.c 2016-11-21 07:40:39.795030452 +0000
@@ -369,6 +369,10 @@
} else
bytes = strlen(mode); /* close enough */
+ if (xsize < 0 || ysize < 0) {
+ return (Imaging) ImagingError_ValueError("bad image size");
+ }
+
if ((long) xsize * ysize * bytes <= THRESHOLD) {
im = ImagingNewBlock(mode, xsize, ysize);
if (im)