PYSEC-2017-92

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2017-92.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2017-92

Aliases

CVE-2016-3076
GHSA-v9pc-9mvp-x87g

Published

2017-04-24T18:59:00Z

Modified

2024-04-22T23:12:39.632068Z

Summary

[none]

Details

Heap-based buffer overflow in the j2kencodeentry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1321929
http://pillow.readthedocs.io/en/4.1.x/releasenotes/3.1.2.html
http://www.securityfocus.com/bid/98042

Affected packages

PyPI / pillow

Package

Name: pillow; View open source insights on deps.dev
Purl: pkg:pypi/pillow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.5.0

Fixed

3.1.2

Affected versions

2.*

2.5.0

2.5.1

2.5.2

2.5.3

2.6.0

2.6.1

2.6.2

2.7.0

2.8.0

2.8.1

2.8.2

2.9.0

3.*

3.0.0

3.1.0.rc1

3.1.0rc1

3.1.0

3.1.1