CVE-2016-9190

Severity CVSS v4.0:
Pending analysis
Type:
CWE-284 Improper Access Control
Publication date:
04/11/2016
Last modified:
12/04/2025

Description

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:* 3.3.1 (including)
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*