CVE-2016-3076: Pillow Buffer overflow in Jpeg2KEncode.c
Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
References
- bugzilla.redhat.com/show_bug.cgi?id=1321929
- github.com/advisories/GHSA-v9pc-9mvp-x87g
- github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2017-92.yaml
- github.com/python-pillow/Pillow
- github.com/python-pillow/Pillow/blob/4.1.x/docs/releasenotes/3.1.2.rst
- nvd.nist.gov/vuln/detail/CVE-2016-3076
- web.archive.org/web/20200227174644/http://www.securityfocus.com/bid/98042