CVE-2014-3606 (retired)

Priority
Description
This issue was found while fuzzing PIL/pillow. A specially crafted
arguments passed to _imagingmath.unop() trigger crash in the native
code of the library.
.
The _imagingmath is an internal helper module used by the ImageMath
module, that is not meant to be used directly. The unop() function
uses its arguments as pointers, even a function pointer in case of its
first argument. Any use case where its called with untrusted arguments
would allow code execution.
.
However, that's not how unop() is used in ImageMath, which properly
constructs arguments for the function. Contrary to the information in
comment 0, observed crash is not triggered by a specially-crafted
image, but rather caused by an incorrect function use.
Package
Upstream:not-affected (not a security bug)
Package
Upstream:not-affected (not a security bug)
More Information

Updated: 2019-09-19 15:49:20 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)