Arbitrary Code Execution Vulnerability in Pillow (CVE-2017-8299)

Arbitrary Code Execution Vulnerability in Pillow (CVE-2017-8299)

CVE-2016-9190 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.

Learn more about our Web Application Penetration Testing UK.