{"id":"PYSEC-2017-92","details":"Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted JPEG 2000 file. Fixed in Pillow 3.1.2; upgrade to that release or later.","aliases":["CVE-2016-3076","GHSA-v9pc-9mvp-x87g"],"modified":"2024-04-22T23:12:39.632068Z","published":"2017-04-24T18:59:00Z","references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1321929"},{"type":"WEB","url":"http://pillow.readthedocs.io/en/4.1.x/releasenotes/3.1.2.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/98042"}],"affected":[{"package":{"name":"pillow","ecosystem":"PyPI","purl":"pkg:pypi/pillow"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.5.0"},{"fixed":"3.1.2"}]}],"versions":["2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.7.0","2.8.0","2.8.1","2.8.2","2.9.0","3.0.0","3.1.0","3.1.0.rc1","3.1.0rc1","3.1.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2017-92.yaml"}}],"schema_version":"1.7.3"}