Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
],
"vendor_product": "debian:debian_linux",
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
},
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
}
],
"source": "CPE_STRING"
}
]
}{
"cpe": "cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "3.1.0"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"29574709106573506672061254354930231163",
"177000773178755356185921572642180068015",
"218009138334723425649690001430230240593",
"165989606112090444130397288823962577566"
]
},
"target": {
"file": "libImaging/TiffDecode.c"
},
"id": "CVE-2016-0740-b7d6454e",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/python-pillow/pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e",
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-0740.json"
"2026-07-08T12:35:39Z"