Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

SUSE-SU-2018:1191-1 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceSUSE-SU-2018:1191-1

SUSE-SU-2018:1191-1

UNKNOWN

Security update for python-Pillow

Published May 9, 2018

Modified 7 years ago

Fix available

Details

This update for python-Pillow fixes the following issues:

CVE-2016-9190: Pillow allows context-dependent attackers to execute arbitrary code by using the 'crafted image file' approach, related to an 'Insecure Sign Extension' issue affecting the ImagingNew in Storage.c component. (bsc#1008846)
CVE-2016-3076: Heap-based buffer overflow in the j2k_encode_entry function allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. (bsc#973786)

Affected Packages

python-Pillow

SUSE OpenStack Cloud 6

Fixed in:

2.7.0-4.3.1

References

https://bugzilla.suse.com/1008846

https://bugzilla.suse.com/973786

https://www.suse.com/security/cve/CVE-2016-3076

https://www.suse.com/security/cve/CVE-2016-9190

https://www.suse.com/support/update/announcement/2018/suse-su-20181191-1/

Upstream

CVE-2016-3076 CVE-2016-9190

Related

CVE-2016-3076 CVE-2016-9190

Ecosystems

SUSE OpenStack Cloud 6

Timeline

PublishedMay 9, 2018

ModifiedMay 9, 2018