Back to bug 1382006
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-10-05 13:52:10 UTC | Depends On | 1380811 | |
| Adam Mariš | 2016-10-05 13:56:47 UTC | Blocks | 1382009 | |
| Doran Moppert | 2016-10-11 06:05:12 UTC | Summary | python-pillow: Missing check of image size for negative values in ImagingNew | python-pillow: Missing check for negative image dimensions in ImagingNew (Storage.c) |
| Doran Moppert | 2016-10-11 06:05:19 UTC | Whiteboard | impact=moderate,public=20161003,reported=20160930,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=CWE-20,rhel-5/python-imaging=affected,rhel-6/python-imaging=affected,rhel-7/python-pillow=affected,fedora-all/python-pillow=notaffected | impact=moderate,public=20161003,reported=20160930,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L,cwe=CWE-20->CWE-787,rhel-5/python-imaging=affected,rhel-6/python-imaging=affected,rhel-7/python-pillow=affected,fedora-all/python-pillow=notaffected |
| Doran Moppert | 2016-10-11 06:08:13 UTC | Whiteboard | impact=moderate,public=20161003,reported=20160930,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L,cwe=CWE-20->CWE-787,rhel-5/python-imaging=affected,rhel-6/python-imaging=affected,rhel-7/python-pillow=affected,fedora-all/python-pillow=notaffected | impact=moderate,public=20161003,reported=20160930,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L,cwe=CWE-20->CWE-787,rhel-5/python-imaging=affected,rhel-6/python-imaging=affected,rhel-7/python-pillow=affected,fedora-all/python-pillow=notaffected |
| Doran Moppert | 2016-10-11 06:08:50 UTC | Whiteboard | impact=moderate,public=20161003,reported=20160930,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L,cwe=CWE-20->CWE-787,rhel-5/python-imaging=affected,rhel-6/python-imaging=affected,rhel-7/python-pillow=affected,fedora-all/python-pillow=notaffected | impact=moderate,public=20161003,reported=20160930,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-20->CWE-787,rhel-5/python-imaging=affected,rhel-6/python-imaging=affected,rhel-7/python-pillow=affected,fedora-all/python-pillow=notaffected |
| Doran Moppert | 2016-10-11 06:21:23 UTC | Doc Text | A | |
| Doran Moppert | 2016-10-12 01:27:40 UTC | Doc Text | A | A vulnerability was found in python-pillow. A crafted image file with negative dimensions could cause a buffer to be under-allocated, leading to arbitrary writes on the heap which could cause a crash or, potentially, code execution. |
| Andrej Nemec | 2016-11-07 09:14:43 UTC | Alias | CVE-2016-9190 | |
| Andrej Nemec | 2016-11-07 09:14:48 UTC | Summary | python-pillow: Missing check for negative image dimensions in ImagingNew (Storage.c) | CVE-2016-9190 python-pillow: Missing check for negative image dimensions in ImagingNew (Storage.c) |
| Doran Moppert | 2016-12-12 01:43:44 UTC | CC | cstratak, torsava | |
| Whiteboard | impact=moderate,public=20161003,reported=20160930,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-20->CWE-787,rhel-5/python-imaging=affected,rhel-6/python-imaging=affected,rhel-7/python-pillow=affected,fedora-all/python-pillow=notaffected | impact=moderate,public=20161003,reported=20160930,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-20->CWE-787,rhel-5/python-imaging=wontfix,rhel-6/python-imaging=wontfix,rhel-7/python-pillow=wontfix,fedora-all/python-pillow=notaffected | ||
| Doran Moppert | 2016-12-12 01:48:23 UTC | Status | NEW | CLOSED |
| Resolution | --- | WONTFIX | ||
| Last Closed | 2016-12-11 20:48:23 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:57:57 UTC | Whiteboard | impact=moderate,public=20161003,reported=20160930,source=upstream,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-20->CWE-787,rhel-5/python-imaging=wontfix,rhel-6/python-imaging=wontfix,rhel-7/python-pillow=wontfix,fedora-all/python-pillow=notaffected |
Back to bug 1382006