components/python/imaging/patches/07-CVE-2016-9190.patch
author Rich Burridge <rich.burridge@oracle.com>
Mon, 21 Nov 2016 13:24:12 -0800
changeset 7369 a206d468357a
permissions -rw-r--r--
25052020 problem in PYTHON-MOD/PIL
25052021 problem in PYTHON-MOD/PIL

CVE-2016-9190
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9190

Python Imaging allows context-dependent attackers to execute arbitrary code
by using the "crafted image file" approach, related to an "Insecure Sign
Extension" issue affecting the ImagingNew in Storage.c component.

Code changes based on those found upstream for Pillow at:

https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
for:
  libImaging/Storage.c

--- Imaging-1.1.7/libImaging/Storage.c.orig	2016-11-21 07:38:52.301251099 +0000
+++ Imaging-1.1.7/libImaging/Storage.c	2016-11-21 07:40:39.795030452 +0000
@@ -369,6 +369,10 @@
     } else
         bytes = strlen(mode); /* close enough */
 
+    if (xsize < 0 || ysize < 0) {
+        return (Imaging) ImagingError_ValueError("bad image size");
+    }
+
     if ((long) xsize * ysize * bytes <= THRESHOLD) {
         im = ImagingNewBlock(mode, xsize, ysize);
         if (im)
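
Review bot: the size test `(long) xsize * ysize * bytes <= THRESHOLD` directly below the new check can still overflow for large positive dimensions, because the added guard only rejects negative values. Where long is 32 bits the product wraps easily. Even with a 64-bit long, two dimensions near the top of the int range multiplied by a bytes value of 4 exceed its range (this assumes xsize and ysize are int, which the cast suggests but the hunk does not show). A wrapped product could compare as <= THRESHOLD and take the ImagingNewBlock path with a size that does not match the real request. Consider bounding the sizes from above in the same if statement, for example by dividing a known maximum by ysize and bytes (with ysize == 0 handled separately) rather than multiplying first. A one-line comment above the check saying that it rejects sign-extended negative sizes from a crafted image would also help the next reader.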