4.3
CVSSv2

CVE-2016-3076

Published: 24/04/2017 Updated: 29/04/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 up to and including 3.1.1 allows remote malicious users to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

Vulnerable Product Search on Vulmon Subscribe to Product

python pillow 2.5.0

python pillow 2.5.1

python pillow 2.5.2

python pillow 2.5.3

python pillow 2.6.0

python pillow 2.6.1

python pillow 2.6.2

python pillow 2.7.0

python pillow 2.8.0

python pillow 2.8.1

python pillow 2.8.2

python pillow 2.9.0

python pillow 3.0.0

python pillow 3.1.0

Vendor Advisories

Heap-based buffer overflow in the j2k_encode_entry function in Pillow 250 through 311 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file ...