CVE-2016-9190 in Pillowالمعلومات

الملخص

بحسب MITRE

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

حجز

04/11/2016

إفشاء

04/11/2016

الاعتدال

تمت الموافقة

إدخال

VDB-93329

CPE

جاهز

CWE

CWE-284 (مؤكد)

CVSS

7.8 (NVD)

EPSS

0.00566

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-9190
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-9190
CVE Details	https://www.cvedetails.com/cve/CVE-2016-9190/

التالي ▸نظرة عامة ◂ السابق

Want to know what is going to be exploited?

We predict KEV entries!