CVE-2016-3076

Опубликовано: 24 апр. 2017

Источник: ubuntu

Приоритет: low

EPSS Низкий

CVSS2: 4.3

CVSS3: 5.5

Описание

Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

Релиз	Статус	Примечание
devel	not-affected	3.1.2-0ubuntu1
esm-infra-legacy/trusty	not-affected	no j2k support
esm-infra/xenial	not-affected	3.1.2-0ubuntu1
precise	DNE
trusty	not-affected	no j2k support
trusty/esm	not-affected	no j2k support
upstream	needs-triage
vivid/stable-phone-overlay	DNE
vivid/ubuntu-core	DNE
wily	ignored	end of life

Показывать по

Релиз	Статус	Примечание
devel	DNE
esm-infra-legacy/trusty	DNE
precise	not-affected	no j2k support
trusty	DNE
trusty/esm	DNE
upstream	needs-triage
vivid/stable-phone-overlay	DNE
vivid/ubuntu-core	DNE
wily	DNE
xenial	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 63%

0.00457

Низкий

4.3 Medium

CVSS2

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2016-3076

redhat

почти 10 лет назад

Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

CVE-2016-3076

CVSS3: 5.5

nvd

почти 9 лет назад

Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

CVE-2016-3076

CVSS3: 5.5

debian

почти 9 лет назад

Heap-based buffer overflow in the j2k_encode_entry function in Pillow ...

GHSA-v9pc-9mvp-x87g

CVSS3: 5.5

github

больше 3 лет назад

Pillow Buffer overflow in Jpeg2KEncode.c

EPSS

Процентиль: 63%

0.00457

Низкий

4.3 Medium

CVSS2

5.5 Medium

CVSS3

CVE-2016-3076

Описание

Пакет pillow

Пакет python-imaging

Ссылки на источники

Связанные уязвимости