PYSEC-2017-92

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2017-92.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2017-92
Aliases
Published
2017-04-24T18:59:00Z
Modified
2024-04-22T23:12:39.632068Z
Summary
[none]
Details

Heap-based buffer overflow in the j2kencodeentry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

References

Affected packages

PyPI / pillow

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.5.0
Fixed
3.1.2

Affected versions

2.*

2.5.0
2.5.1
2.5.2
2.5.3
2.6.0
2.6.1
2.6.2
2.7.0
2.8.0
2.8.1
2.8.2
2.9.0

3.*

3.0.0
3.1.0.rc1
3.1.0rc1
3.1.0
3.1.1