PT-2016-3211 · Pillow · Pillow

Published: 2016-02-04 · Updated: 2020-05-06 · CVE-2016-4009

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 3.1.1
Description: The issue is caused by an integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c. A remote attacker can trigger it by supplying negative values for the new size, which leads to a heap-based buffer overflow. This can potentially impact the confidentiality, integrity, and availability of data.
Recommendations: For Pillow versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ImagingResampleHorizontal function to minimize the risk of exploitation, and avoid passing negative values for the new size to the affected function until the issue is resolved.
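The workaround above amounts to two checks a caller can enforce before any size reaches the C resampling code: refuse to run on a Pillow release older than the fix, and reject target sizes that are not pairs of positive integers. The following is an added example, not code from the advisory or from the Pillow project; `safe_resize`, `MAX_DIMENSION` and the version string argument are assumptions of this example.

```python
"""Defensive checks around Pillow image resizing (added example, not the
advisory's or Pillow's own code). Pillow < 3.1.1 let a negative target size
reach ImagingResampleHorizontal, where an integer overflow caused a heap
buffer overflow (CVE-2016-4009). The size cap is an extra hardening
assumption of this example, not something the advisory states."""
import re
from typing import Any, Tuple

FIXED_VERSION = (3, 1, 1)   # first release with the fix, per the advisory
MAX_DIMENSION = 65535       # assumed sanity cap; choose what your service tolerates


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.1.0rc1' or '7.2.0' into a comparable tuple of ints."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if m is None:
            break            # stop at a non-numeric component such as 'post1'
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the given Pillow version predates the 3.1.1 fix."""
    return parse_version(version) < FIXED_VERSION


def validate_size(size: Any) -> Tuple[int, int]:
    """Return (width, height) only if both are positive ints within the cap."""
    if not isinstance(size, (tuple, list)) or len(size) != 2:
        raise ValueError("size must be a (width, height) pair")
    width, height = size
    for name, value in (("width", width), ("height", height)):
        # bool is a subclass of int, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, int):
            raise TypeError(f"{name} must be an int, got {type(value).__name__}")
        if value <= 0:
            raise ValueError(f"{name} must be positive, got {value}")
        if value > MAX_DIMENSION:
            raise ValueError(f"{name} exceeds cap of {MAX_DIMENSION}")
    return width, height


def safe_resize(image, size, pillow_version: str):
    """Hypothetical wrapper: check the version and the size, then resize.
    In practice pass PIL.__version__ as pillow_version."""
    if is_vulnerable(pillow_version):
        raise RuntimeError(f"Pillow {pillow_version} predates the 3.1.1 fix; upgrade")
    return image.resize(validate_size(size))
```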

Fix

Buffer Overflow


Weakness Enumeration

Related identifiers

BDU:2017-02504
CVE-2016-4009
GHSA-HVR8-466P-75RH
PYSEC-2016-7
SUSE-SU-2019:2334-1
SUSE-SU-2020:1194-1

Affected products

Pillow