CVE-2016-3076

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-3076

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3076.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-3076

Aliases

Related

Published

2017-04-24T18:59:00Z

Modified

2024-08-01T07:47:52.327738Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Heap-based buffer overflow in the j2kencodeentry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

References

Affected packages

Debian:11 / pillow

Package

Name: pillow
Purl: pkg:deb/debian/pillow?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / pillow

Package

Name: pillow
Purl: pkg:deb/debian/pillow?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / pillow

Package

Name: pillow
Purl: pkg:deb/debian/pillow?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/python-pillow/pillow

Affected ranges

Type: GIT
Repo: https://github.com/python-pillow/pillow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0177cceac4adfd0020ecbf49fb44ad275dcc1f51

Last affected

0222a059d62723fe056daa17f007f87dc46595b4

Last affected

0f05eb287a223ce106848cd048cfcb45e9faa565

Last affected

1ab78b8fb7e1f7078dd110bc8d9fba3cc0006e51

Last affected

3f09b8f1715b018e8249337f1432070301c61e18

Last affected

4081f9f6a504c9d3b83237fafdecf2be042976a8

Last affected

445a8c06fce647249e6a832f595fcdfff1743ad0

Last affected

4a8471dea18f6196161e4444ce5625f46cecd1e1

Last affected

68c6904c280ad872620cc8d904e6d4e6ecc5b6f9

Last affected

80672b61e8596c7d6dab7b4ef3ef1e4783902f51

Last affected

80d6137c860b9322572ee1390514df1975acb2e7

Last affected

81ebc21abfdd9d152f05d8516b17efba26e4d5b7

Last affected

9634e437efeeda906ad6bfcc275b17732d64f32a

Last affected

96944e2dd664efb98e25d0e86671420af26fda40

Last affected

9f0ec3b0d7637e04fa735d7dfb94464301b02c1e

Last affected

d754598f146f868e8cd7d247b3af6cf3f3c8d510

Last affected

efe925c26f4fb78613b5ed98d488f71a723d03e8

Last affected

fff5536b37c2d619c66c1189b6925fa0a8df3822

Affected versions

1.*

1.0

1.2

1.7.6

1.7.7

1.7.8

2.*

2.0.0

2.1.0

2.2.0

2.2.1

2.2.2

2.3.0

2.5.0

2.5.1

2.6.0

2.6.0-rc1

2.6.1

2.7.0

2.8.0

2.8.1

2.8.2

2.9.0

2.9.0.dev0

2.9.0.dev1

2.9.0.dev2

3.*

3.0.0