CVE-2016-3076

Published: 24 Apr 2017
Source: debian

Description

Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| pillow | fixed | 3.2.0-1 | | package |
| python-imaging | removed | | | package |

Notes

  • https://github.com/python-pillow/Pillow/commit/a1f244343df389cf15cdfff80327594821097295 (3.2.0)

  • https://github.com/python-pillow/Pillow/commit/d00d8571c2cc7e0f137e4ce4b3669d0698dee79b (3.1.2)

  • Marked as unimportant since source vulnerable but in Debian we do not build against openjpeg by default

Related vulnerabilities

CVSS3: 5.5
ubuntu
almost 9 years ago

Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

redhat
almost 10 years ago

Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

CVSS3: 5.5
nvd
almost 9 years ago

Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

CVSS3: 5.5
github
more than 3 years ago

Pillow Buffer overflow in Jpeg2KEncode.c