Back to bug 1382000
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-10-05 13:51:55 UTC | Depends On | 1380811 | |
| Adam Mariš | 2016-10-05 13:56:53 UTC | Blocks | 1382009 | |
| Doran Moppert | 2016-10-11 06:07:06 UTC | Summary | python-pillow: Possible integer overflows in PyImaging_MapBuffer | python-pillow: Integer overflows leading to memory disclosure in PyImaging_MapBuffer (Map.c) |
| Doran Moppert | 2016-10-11 06:07:40 UTC | Whiteboard | impact=moderate,public=20161003,reported=20160930,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=CWE-190,rhel-5/python-imaging=affected,rhel-6/python-imaging=affected,rhel-7/python-pillow=affected,fedora-all/python-pillow=notaffected | impact=moderate,public=20161003,reported=20160930,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L,cwe=CWE-190,rhel-5/python-imaging=affected,rhel-6/python-imaging=affected,rhel-7/python-pillow=affected,fedora-all/python-pillow=notaffected |
| Doran Moppert | 2016-10-11 06:20:52 UTC | Doc Text | A | |
| Doran Moppert | 2016-10-12 01:28:36 UTC | Doc Text | A | A memory disclosure vulnerability was found in python-pillow. Functions in map.c failed to check for image overflow and check that an offset parameter was within bounds, allowing a crafted image to cause a crash or disclosure of memory. |
| Doran Moppert | 2016-10-12 01:29:43 UTC | CC | dmoppert | |
| Andrej Nemec | 2016-11-07 09:16:19 UTC | Alias | CVE-2016-9189 | |
| Andrej Nemec | 2016-11-07 09:16:25 UTC | Summary | python-pillow: Integer overflows leading to memory disclosure in PyImaging_MapBuffer (Map.c) | CVE-2016-9189 python-pillow: Integer overflows leading to memory disclosure in PyImaging_MapBuffer (Map.c) |
| Doran Moppert | 2016-12-12 01:43:32 UTC | CC | cstratak, torsava | |
| Whiteboard | impact=moderate,public=20161003,reported=20160930,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L,cwe=CWE-190,rhel-5/python-imaging=affected,rhel-6/python-imaging=affected,rhel-7/python-pillow=affected,fedora-all/python-pillow=notaffected | impact=moderate,public=20161003,reported=20160930,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L,cwe=CWE-190,rhel-5/python-imaging=wontfix,rhel-6/python-imaging=wontfix,rhel-7/python-pillow=wontfix,fedora-all/python-pillow=notaffected | ||
| Doran Moppert | 2016-12-12 01:48:08 UTC | Status | NEW | CLOSED |
| Resolution | --- | WONTFIX | ||
| Last Closed | 2016-12-11 20:48:08 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:57:57 UTC | Whiteboard | impact=moderate,public=20161003,reported=20160930,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L,cwe=CWE-190,rhel-5/python-imaging=wontfix,rhel-6/python-imaging=wontfix,rhel-7/python-pillow=wontfix,fedora-all/python-pillow=notaffected |
Back to bug 1382000