This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
The Pillow maintainers report :
Pillow 3.1.0 and earlier when linked against libtiff >= 4.0.0 on x64
may overflow a buffer when reading a specially crafted tiff file.
Specifically, libtiff >= 4.0.0 changed the return type of
TIFFScanlineSize from int32 to machine dependent int32|64. If the
scanline is sized so that it overflows an int32, it may be interpreted
as a negative number, which will then pass the size check in
TiffDecode.c line 236. To do this, the logical scanline size has to be
> 2gb, and for the test file, the allocated buffer size is 64k against
a roughly 4gb scan line size. Any image data over 64k is written over
the heap, causing a segfault.
This issue was found by security researcher FourOne.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.3