{"id":"CVE-2016-9189","details":"Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the \"crafted image file\" approach, related to an \"Integer Overflow\" issue affecting the Image.core.map_buffer in map.c component.","aliases":["GHSA-rwr3-c2q8-gm56","PYSEC-2016-8"],"modified":"2026-04-09T04:53:54.722619Z","published":"2016-11-04T10:59:09.680Z","related":["MGASA-2016-0383","SUSE-SU-2019:1321-1","SUSE-SU-2019:1772-1"],"references":[{"type":"ADVISORY","url":"http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3710"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94234"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201612-52"},{"type":"FIX","url":"https://github.com/python-pillow/Pillow/issues/2105"},{"type":"FIX","url":"https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python-pillow/pillow","events":[{"introduced":"0"},{"last_affected":"aab33141f381d5577cdef9033b7fdff79122a10c"},{"introduced":"0"},{"last_affected":"235a7d6d7deab9555dc2c1b42fdf11243f6080e8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.3.1"},{"introduced":"0"},{"last_affected":"8.0"}]}}],"versions":["1.0","1.2","1.7.7","1.7.8","2.0.0","2.1.0","2.2.0","2.2.1","2.3.0","2.5.0","2.7.0","2.8.0","2.8.1","2.9.0","2.9.0.dev0","2.9.0.dev1","2.9.0.dev2","3.1.0","3.1.0-rc1","3.2.0","3.3.0","3.3.1","3.4.0","4.0.0","4.0.0a","4.1.0","4.2.0","4.3.0","5.0.0","5.1.0","5.2.0","5.3.0","5.4.0","6.0.0","6.1.0","6.2.0","7.0.0","7.1.0","7.2.0","8.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9189.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}