Описание
Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
Ссылки
- Release NotesVendor Advisory
- Issue TrackingThird Party AdvisoryVDB Entry
- Release NotesVendor Advisory
- Issue TrackingThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:python:pillow:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:python:pillow:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:python:pillow:2.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:python:pillow:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:python:pillow:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:python:pillow:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:python:pillow:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:python:pillow:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:python:pillow:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:python:pillow:2.9.0:*:*:*:*:*:*:*
cpe:2.3:a:python:pillow:2.9.0:dev0:*:*:*:*:*:*
cpe:2.3:a:python:pillow:2.9.0:dev1:*:*:*:*:*:*
cpe:2.3:a:python:pillow:2.9.0:dev2:*:*:*:*:*:*
cpe:2.3:a:python:pillow:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:python:pillow:3.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:python:pillow:3.1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00457
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-119
Связанные уязвимости
CVSS3: 5.5
ubuntu
почти 9 лет назад
Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
redhat
почти 10 лет назад
Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
CVSS3: 5.5
debian
почти 9 лет назад
Heap-based buffer overflow in the j2k_encode_entry function in Pillow ...
EPSS
Процентиль: 63%
0.00457
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-119