Candidate: CVE-2016-4009
PublicDate: 2016-04-13 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4009
 https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
Description:
 Integer overflow in the ImagingResampleHorizontal function in
 libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to
 have unspecified impact via negative values of the new size, which triggers
 a heap-based buffer overflow.
Ubuntu-Description:
Notes:
 mdeslaur> Upstream says only 2.7+ are affected
Bugs:
 https://github.com/python-pillow/Pillow/issues/1737
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_pillow:
 upstream: https://github.com/python-pillow/Pillow/pull/1714
 upstream: https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e
upstream_pillow: released (3.1.1-1)
precise_pillow: DNE
trusty_pillow: not-affected (code not present)
trusty/esm_pillow: not-affected (code not present)
vivid/stable-phone-overlay_pillow: DNE
vivid/ubuntu-core_pillow: DNE
wily_pillow: ignored (reached end-of-life)
xenial_pillow: not-affected (3.1.1-1)
esm-infra/xenial_pillow: not-affected (3.1.1-1)
yakkety_pillow: not-affected (3.3.1-1)
devel_pillow: not-affected (3.3.1-1)