VYPR
Medium severity5.5NVD Advisory· Published Apr 24, 2017· Updated Jun 17, 2026

CVE-2016-3076

CVE-2016-3076

Description

Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pillowPyPI
>= 2.5.0, < 3.1.23.1.2

Affected products

25

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.