Medium severity 5.5 · NVD Advisory · Published Apr 24, 2017 · Updated May 13, 2026
CVE-2016-3076
Description
Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pillow (PyPI) | >= 2.5.0, < 3.1.2 | 3.1.2 |
Patches
No patches discovered yet.
References
- pillow.readthedocs.io/en/4.1.x/releasenotes/3.1.2.html (nvd; Release Notes, Vendor Advisory; WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd; Issue Tracking, Third Party Advisory, VDB Entry; WEB)
- github.com/advisories/GHSA-v9pc-9mvp-x87g (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-3076 (ghsa; ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2017-92.yaml (ghsa; WEB)
- github.com/python-pillow/Pillow/blob/4.1.x/docs/releasenotes/3.1.2.rst (ghsa; WEB)
- web.archive.org/web/20200227174644/http://www.securityfocus.com/bid/98042 (ghsa; WEB)
- www.securityfocus.com/bid/98042 (nvd)