Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python3-pil-dbg": "3.1.1-1", "python-pil-dbg": "3.1.1-1", "python-pil-doc": "3.1.1-1", "python3-pil.imagetk": "3.1.1-1", "python3-pil.imagetk-dbg": "3.1.1-1", "python-pil.imagetk": "3.1.1-1", "python-pil.imagetk-dbg": "3.1.1-1", "python3-pil": "3.1.1-1", "python-imaging": "3.1.1-1", "python-pil": "3.1.1-1" } ] }