CVE-2016-9190 Vulnerability

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. (CVSS:6.8) (Last Update:2016-11-04)

Vulnerability Details : Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. Publish Date : 2016-11-04 Last Update Date : 2016-11-04 - CVSS Scores & Vulnerability Types CVSS Score 6.8 Confidentiality Impact Partial(There is considerable informational disclosure.) Integrity Impact Partial(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.) Availability Impact Partial(There is reduced performance or interruptions in resource availability.) Access Complexity Medium(The access conditions are somewhat specialized. Some preconditions must be satistified to exploit) Authentication Not required(Authentication is not required to exploit the vulnerability.) Gained Access None Vulnerability Type(s) Execute Code CWE ID 284 - Products Affected By CVE-2016-9190 # Product Type Vendor Product Version Update Edition Language 1 Application Python Pillow 3.3.1 Version Details Vulnerabilities - Number Of Affected Versions By Product Vendor Product Vulnerable Versions Python Pillow 1 - References For CVE-2016-9190 http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html CONFIRM https://github.com/python-pillow/Pillow/issues/2105 CONFIRM https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af CONFIRM

- Metasploit Modules Related To CVE-2016-9190 There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)