PYSEC-2017-92 — Vulnetix

PYSEC-2017-92 PUBLISHED CVSS 9.300000190734863 CRITICAL

Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
PyPI	pillow	2.5.0, 2.5.0, 2.5.1

Timeline

Apr 24, 2017 CVE Published
Apr 22, 2024 CVE Updated

References

https://bugzilla.redhat.com/show_bug.cgi?id=1321929 report
http://pillow.readthedocs.io/en/4.1.x/releasenotes/3.1.2.html url
http://www.securityfocus.com/bid/98042 url

Open in Interactive Console →