Medium severity 6.5 · NVD Advisory · Published Apr 13, 2016 · Updated May 6, 2026
CVE-2016-0775
Description
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pillow (PyPI) | < 3.1.1 | 3.1.1 |
Affected products
< 3.1.1 + 39 more
References
- github.com/advisories/GHSA-8xjv-v9xq-m5h9 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-0775 (ghsa, ADVISORY)
- www.debian.org/security/2016/dsa-3499 (nvd, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-6.yaml (ghsa, WEB)
- github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst (nvd, WEB)
- github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b (nvd, WEB)
- security.gentoo.org/glsa/201612-52 (nvd, WEB)