{"id":"CVE-2016-4009","details":"Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.","aliases":["GHSA-hvr8-466p-75rh","PYSEC-2016-7"],"modified":"2026-04-11T03:43:46.076045Z","published":"2016-04-13T16:59:25.353Z","related":["SUSE-SU-2019:2334-1","SUSE-SU-2020:1194-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/86064"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201612-52"},{"type":"FIX","url":"https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst"},{"type":"FIX","url":"https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e"},{"type":"FIX","url":"https://github.com/python-pillow/Pillow/pull/1714"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python-pillow/pillow","events":[{"introduced":"0"},{"last_affected":"fff5536b37c2d619c66c1189b6925fa0a8df3822"},{"fixed":"4e0d9b0b9740d258ade40cce248c93777362ac1e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.1.0"}]}}],"versions":["1.0","1.2","1.7.7","1.7.8","2.0.0","2.1.0","2.2.0","2.2.1","2.3.0","2.5.0","2.7.0","2.8.0","2.8.1","2.9.0","2.9.0.dev0","2.9.0.dev1","2.9.0.dev2","3.1.0","3.1.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4009.json","vanir_signatures_modified":"2026-04-11T03:43:46Z","vanir_signatures":[{"source":"https://github.com/python-pillow/pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e","signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["249392201170125350440898696531716901244","11202227587953824529638588905880424058","160024393064123553677550538001732590219","152923593847819400325982600685847468786","133896275041027215488050480160794937903","188299484084202681145575477904912448110"]},"signature_version":"v1","id":"CVE-2016-4009-887ea3b7","target":{"file":"libImaging/Resample.c"}},{"source":"https://github.com/python-pillow/pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e","signature_type":"Function","deprecated":false,"digest":{"length":4789,"function_hash":"24739840428488294126398128952243479434"},"signature_version":"v1","id":"CVE-2016-4009-e59d23a3","target":{"file":"libImaging/Resample.c","function":"ImagingResampleHorizontal"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}