Incoming CVE details
Integer overflow in the ImagingResampleHorizontal function in
libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have
unspecified impact via negative values of the new size, which triggers a
heap-based buffer overflow.
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow
before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows
remote attackers to cause a denial of service (crash) via a crafted PhotoCD
@python, please clean the vulnerable versions from the tree.
This issue was resolved and addressed in
GLSA 201612-52 at https://security.gentoo.org/glsa/201612-52
by GLSA coordinator Thomas Deutschmann (whissi).