FreeBSD : py-pillow -- Integer overflow in Resample.c (0519db18-cf15-11e5-805c-5453ed2e2b49)

high Nessus Plugin ID 88665

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Pillow maintainers report:

If a large value was passed into the new size for an image, it is possible to overflow an int32 value passed into malloc, leading the malloc'd buffer to be undersized. These allocations are followed by a loop that writes out of bounds. This can lead to corruption on the heap of the Python process with attacker controlled float data.

This issue was found by Ned Williamson.
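The report above comes down to a 32-bit size computation feeding malloc, followed by a loop that writes the full, unwrapped number of elements. The C program below is an added example, not Pillow's Resample.c, that models that pattern: the naive int32 product of an output size and a kernel size, the wrapped value it would hand to malloc, and a checked size_t computation that rejects the allocation instead of undersizing it. The function names, the coefficient-buffer layout (out_size * ksize floats) and the sample dimensions are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example, not Pillow's code. Models a resample-style allocation of
 * (out_size * ksize) float coefficients, first with the overflow-prone
 * 32-bit arithmetic the advisory describes, then with a checked version.
 * sizeof(float) is assumed to be 4, as on every mainstream platform. */

/* Naive size computation in 32-bit integer arithmetic. Signed overflow is
 * undefined in C, so the wraparound is modelled with uint32_t and the
 * result converted to int32_t: this is the (possibly tiny or negative)
 * value a wrapped 32-bit product would pass to malloc. */
static int32_t naive_alloc_size(int32_t out_size, int32_t ksize)
{
    uint32_t bytes = (uint32_t)out_size * (uint32_t)ksize * (uint32_t)sizeof(float);
    return (int32_t)bytes;
}

/* Checked size computation in size_t with explicit overflow tests.
 * Returns the byte count, or 0 when the inputs are non-positive or the
 * product does not fit in size_t (0 is never a valid result otherwise). */
static size_t checked_alloc_size(int32_t out_size, int32_t ksize)
{
    if (out_size <= 0 || ksize <= 0)
        return 0;
    size_t a = (size_t)out_size, b = (size_t)ksize;
    if (a > SIZE_MAX / b)
        return 0;
    size_t elems = a * b;
    if (elems > SIZE_MAX / sizeof(float))
        return 0;
    return elems * sizeof(float);
}

/* Returns 1 when the naive size is smaller than what the fill loop would
 * write (out_size * ksize floats), i.e. when the heap write runs out of
 * bounds. A true size that is not even representable also counts. */
static int naive_is_undersized(int32_t out_size, int32_t ksize)
{
    size_t needed = checked_alloc_size(out_size, ksize);
    if (needed == 0)
        return 1;
    int32_t naive = naive_alloc_size(out_size, ksize);
    return naive < 0 || (size_t)naive < needed;
}

/* Hardened allocation: only sizes that pass the checked arithmetic reach
 * malloc. Returns NULL and sets errno to EOVERFLOW on rejection. */
static float *alloc_coeffs(int32_t out_size, int32_t ksize)
{
    size_t bytes = checked_alloc_size(out_size, ksize);
    if (bytes == 0) {
        errno = EOVERFLOW;
        return NULL;
    }
    return malloc(bytes);
}

int main(void)
{
    /* Constructed sample dimensions: a 600000-wide output with a 2000-tap
     * kernel needs 4.8 GB of coefficients, which does not fit in 32 bits,
     * so the naive product wraps to 505032704 bytes. */
    int32_t out_size = 600000, ksize = 2000;
    printf("naive malloc size: %d bytes (undersized: %d)\n",
           naive_alloc_size(out_size, ksize),
           naive_is_undersized(out_size, ksize));

    float *ok = alloc_coeffs(256, 8);
    printf("256x8 coefficients: %s\n", ok ? "allocated" : "rejected");
    free(ok);

    /* Negative and overflowing inputs are rejected instead of wrapping. */
    float *bad = alloc_coeffs(-1, 8);
    printf("-1x8 coefficients: %s\n", bad ? "allocated" : "rejected");
    return 0;
}
```

The distinction that matters for triage is between the allocation size and the loop bound: the wrapped value only controls how much heap is reserved, while the write loop still iterates over the full requested count, so the bug is a heap overflow even though the arithmetic fault is in the allocator call. Any fix has to make the size check happen before malloc and on the same width the loop uses.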

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?77a6304d

https://github.com/python-pillow/Pillow/issues/1710

http://www.nessus.org/u?9b5d0e0d

Plugin Details

Severity: High

ID: 88665

File Name: freebsd_pkg_0519db18cf1511e5805c5453ed2e2b49.nasl

Version: 2.4

Type: local

Published: 2/10/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:py27-pillow, p-cpe:/a:freebsd:freebsd:py33-pillow, p-cpe:/a:freebsd:freebsd:py34-pillow, p-cpe:/a:freebsd:freebsd:py35-pillow, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/9/2016

Vulnerability Publication Date: 2/5/2016