{"id":"CVE-2016-9190","details":"Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the \"crafted image file\" approach, related to an \"Insecure Sign Extension\" issue affecting the ImagingNew in Storage.c component.","aliases":["GHSA-w4vg-rf63-f3j3","PYSEC-2016-9"],"modified":"2026-05-15T12:03:19.697298299Z","published":"2016-11-04T10:59:10.803Z","related":["SUSE-SU-2018:1174-1","SUSE-SU-2018:1191-1","SUSE-SU-2019:1321-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"8.0"}],"source":"CPE_FIELD","vendor_product":"debian:debian_linux"}]},"references":[{"type":"ADVISORY","url":"http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3710"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94234"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201612-52"},{"type":"FIX","url":"https://github.com/python-pillow/Pillow/issues/2105"},{"type":"FIX","url":"https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}