CVE-2014-3606 (retired)

This issue was found while fuzzing PIL/pillow. Specially crafted
arguments passed to _imagingmath.unop() trigger a crash in the native
code of the library.
The _imagingmath module is an internal helper used by the ImageMath
module and is not meant to be used directly. The unop() function
uses its arguments as pointers, and its first argument as a function
pointer. Any use case where it is called with untrusted arguments
would allow code execution.
However, that's not how unop() is used in ImageMath, which properly
constructs arguments for the function. Contrary to the information in
comment 0, the observed crash is not triggered by a specially crafted
image, but rather caused by incorrect use of the function.
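The contrast between an entry point that takes caller-supplied pointer values on trust and one that can validate its arguments, as an added sketch that is not Pillow's code. All names (unop_raw, unop_checked, buf_t, the OP_* table) are hypothetical and the sample data is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not Pillow source: every name here is hypothetical. */
typedef void (*unop_fn)(float *out, const float *in, size_t n);

static void op_neg(float *out, const float *in, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = -in[i];
}
static void op_abs(float *out, const float *in, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = in[i] < 0 ? -in[i] : in[i];
}

/* Pattern the text describes: integers from the caller are used directly as
 * a function pointer and two data pointers. Correct only when a trusted
 * wrapper built every value; nothing here can validate them. */
void unop_raw(intptr_t op, intptr_t out, intptr_t in, size_t n) {
    ((unop_fn)op)((float *)out, (const float *)in, n);
}

/* Hardened form: the operation is an index into a fixed table and the
 * buffers carry their own length, so every argument can be checked. */
typedef struct { float *data; size_t len; } buf_t;
enum { OP_NEG, OP_ABS, OP_COUNT };
static const unop_fn OPS[OP_COUNT] = { op_neg, op_abs };

int unop_checked(unsigned op_id, buf_t *out, const buf_t *in) {
    if (op_id >= OP_COUNT) return -1;                  /* unknown operation */
    if (!out || !in || !out->data || !in->data) return -2;
    if (out->len != in->len) return -3;                /* size mismatch */
    OPS[op_id](out->data, in->data, in->len);
    return 0;
}

int main(void) {
    float src[3] = { -1.5f, 2.0f, -3.0f }, dst[3] = { 0 };  /* constructed sample */
    buf_t in = { src, 3 }, out = { dst, 3 };
    int rc = unop_checked(OP_ABS, &out, &in);
    printf("abs: rc=%d dst[0]=%.1f\n", rc, dst[0]);
    rc = unop_checked(99, &out, &in);                  /* rejected, not called */
    printf("bad op: rc=%d\n", rc);
    return 0;
}
```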
Upstream:not-affected (not a security bug)

Updated: 2019-09-19 15:49:20 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)