According to the Red Hat summary: Integer overflow vulnerabilities were found in the PyImaging_MapBuffer function; specifically, there's unchecked multiplication of xsize * ysize * bytes_per_pixel, where the sizes are each an int, as well as unchecked addition of the size calculated above with an attacker-provided offset value.

Upstream patch: https://github.com/python-pillow/Pillow/commit/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f

Reproducible: Always
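The arithmetic described in the summary above, as an added example that is not part of the bug report and is not Pillow's code or the upstream patch: the unchecked product wraps for large dimensions, while a division-based check rejects it before multiplying. The names unchecked_size and checked_map_size, the buffer_len parameter and all sample values are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked form from the summary, modelled with 32-bit unsigned math so the
   wraparound is defined behaviour in this demo. */
static uint32_t unchecked_size(int xsize, int ysize, int bpp)
{
    return (uint32_t)xsize * (uint32_t)ysize * (uint32_t)bpp;
}

/* Hypothetical helper: returns 0 and stores the byte count in *out only if
   xsize * ysize * bpp fits in an int and offset + size stays inside a buffer
   of buffer_len bytes; returns -1 otherwise. */
static int checked_map_size(int xsize, int ysize, int bpp,
                            long long offset, long long buffer_len, int *out)
{
    if (xsize <= 0 || ysize <= 0 || bpp <= 0 || offset < 0 || buffer_len < 0)
        return -1;
    if (xsize > INT_MAX / ysize)          /* xsize * ysize would overflow */
        return -1;
    int pixels = xsize * ysize;
    if (pixels > INT_MAX / bpp)           /* pixels * bpp would overflow */
        return -1;
    int size = pixels * bpp;
    /* Compare by subtraction so offset + size is never computed. */
    if (offset > buffer_len || size > buffer_len - offset)
        return -1;
    *out = size;
    return 0;
}

int main(void)
{
    int size = 0;
    /* Constructed sample dimensions: 65536 * 65536 * 4 is 2^34, wraps to 0. */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(65536, 65536, 4));
    printf("checked:   %d\n", checked_map_size(65536, 65536, 4, 0, 1024, &size));
    if (checked_map_size(16, 16, 4, 0, 1024, &size) == 0)
        printf("accepted:  %d bytes\n", size);
    return 0;
}
```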
@python, ready to stabilize?
This issue was resolved and addressed in GLSA 201612-52 at https://security.gentoo.org/glsa/201612-52 by GLSA coordinator Thomas Deutschmann (whissi).