Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

SUSE-SU-2018:1191-1 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceSUSE-SU-2018:1191-1

SUSE-SU-2018:1191-1

HIGH7.8

Security update for python-Pillow

Published May 9, 2018

Modified 8 years ago

Fix available

Details

Description of the patch:

This update for python-Pillow fixes the following issues:

CVE-2016-9190: Pillow allows context-dependent attackers to execute arbitrary code by using the 'crafted image file' approach, related to an 'Insecure Sign Extension' issue affecting the ImagingNew in Storage.c component. (bsc#1008846)
CVE-2016-3076: Heap-based buffer overflow in the j2k_encode_entry function allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. (bsc#973786)

Affected Packages

python-Pillow

SUSE OpenStack Cloud 6

Fixed in:

2.7.0-4.3.1

References

https://bugzilla.suse.com/1008846

https://bugzilla.suse.com/973786

https://lists.suse.com/pipermail/sle-security-updates/2018-May/003989.html

https://www.suse.com/security/cve/CVE-2016-3076/

https://www.suse.com/security/cve/CVE-2016-9190/

https://www.suse.com/support/security/rating/

https://www.suse.com/support/update/announcement/2018/suse-su-20181191-1/

CVSS Analysis

CVSS v3.0

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Upstream

CVE-2016-3076 CVE-2016-9190

Ecosystems

SUSE OpenStack Cloud 6

Timeline

PublishedMay 9, 2018

ModifiedMay 9, 2018