equal
deleted
inserted
replaced
|
1 CVE-2016-9190 |
|
2 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9190 |
|
3 |
|
4 Python Imaging allows context-dependent attackers to execute arbitrary code |
|
5 by using the "crafted image file" approach, related to an "Insecure Sign |
|
6 Extension" issue affecting the ImagingNew in Storage.c component. |
|
7 |
|
8 Code changes based on those found upstream for Pillow at: |
|
9 |
|
10 https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af |
|
11 for: |
|
12 libImaging/Storage.c |
|
13 |
|
14 --- Imaging-1.1.7/libImaging/Storage.c.orig 2016-11-21 07:38:52.301251099 +0000 |
|
15 +++ Imaging-1.1.7/libImaging/Storage.c 2016-11-21 07:40:39.795030452 +0000 |
|
16 @@ -369,6 +369,10 @@ |
|
17 } else |
|
18 bytes = strlen(mode); /* close enough */ |
|
19 |
|
20 + if (xsize < 0 || ysize < 0) { |
|
21 + return (Imaging) ImagingError_ValueError("bad image size"); |
|
22 + } |
|
23 + |
|
24 if ((long) xsize * ysize * bytes <= THRESHOLD) { |
|
25 im = ImagingNewBlock(mode, xsize, ysize); |
|
26 if (im) |