Heap-based buffer overflow in the j2kencodeentry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "3.1.2-0ubuntu1", "binary_name": "python-imaging" }, { "binary_version": "3.1.2-0ubuntu1", "binary_name": "python-pil" }, { "binary_version": "3.1.2-0ubuntu1", "binary_name": "python-pil-dbg" }, { "binary_version": "3.1.2-0ubuntu1", "binary_name": "python-pil-doc" }, { "binary_version": "3.1.2-0ubuntu1", "binary_name": "python-pil.imagetk" }, { "binary_version": "3.1.2-0ubuntu1", "binary_name": "python-pil.imagetk-dbg" }, { "binary_version": "3.1.2-0ubuntu1", "binary_name": "python3-pil" }, { "binary_version": "3.1.2-0ubuntu1", "binary_name": "python3-pil-dbg" }, { "binary_version": "3.1.2-0ubuntu1", "binary_name": "python3-pil.imagetk" }, { "binary_version": "3.1.2-0ubuntu1", "binary_name": "python3-pil.imagetk-dbg" } ] }