Integer overflow vulnerabilities were found in the PyImaging_MapBuffer function. Specifically, there is an unchecked multiplication of xsize * ysize * bytes_per_pixel, where the sizes are each an int, as well as an unchecked addition of the size calculated above with an attacker-provided offset value.
Upstream patch: https://github.com/python-pillow/Pillow/commit/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
Acknowledgments: Name: the Pillow project
Upstream bug: https://github.com/python-pillow/Pillow/issues/2105
References: http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
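
The arithmetic described above, as an added example that is not Pillow's code or the upstream patch: `unchecked_size` shows the wrapped value the unguarded expression yields, and `checked_size` rejects each overflow before it can happen. The function names, the `buffer_len` parameter and the sample inputs are assumptions made for illustration, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdio.h>

/* Wrapped result of the unguarded arithmetic, computed in unsigned so the
 * wrap-around is well defined (signed overflow is undefined behaviour). */
unsigned int unchecked_size(int xsize, int ysize, int bpp, int offset)
{
    return (unsigned int)xsize * (unsigned int)ysize * (unsigned int)bpp
           + (unsigned int)offset;
}

/* Hypothetical helper: returns 0 and stores offset + xsize*ysize*bpp in
 * *needed only if every step fits in an int and the total fits inside a
 * buffer of buffer_len bytes; returns -1 otherwise. */
int checked_size(int xsize, int ysize, int bpp, int offset,
                 long long buffer_len, int *needed)
{
    int size;
    if (xsize <= 0 || ysize <= 0 || bpp <= 0 || offset < 0)
        return -1;
    if (xsize > INT_MAX / ysize)        /* xsize * ysize would overflow */
        return -1;
    size = xsize * ysize;
    if (size > INT_MAX / bpp)           /* ... * bpp would overflow */
        return -1;
    size *= bpp;
    if (offset > INT_MAX - size)        /* offset + size would overflow */
        return -1;
    size += offset;
    if ((long long)size > buffer_len)   /* image must lie inside the buffer */
        return -1;
    *needed = size;
    return 0;
}

int main(void)
{
    int needed = 0, rc;
    /* Constructed inputs: 65536 * 65536 * 4 wraps to 0 in 32 bits. */
    printf("unchecked size: %u\n", unchecked_size(65536, 65536, 4, 16));
    rc = checked_size(65536, 65536, 4, 16, 1024, &needed);
    printf("checked, oversized image: %d\n", rc);
    rc = checked_size(16, 16, 4, 16, 2048, &needed);
    printf("checked, valid image: %d (needed=%d)\n", rc, needed);
    return 0;
}
```

With the constructed oversized dimensions the unguarded result is only 16 bytes, which would pass a later comparison against the buffer length even though the image claims far more memory.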