CVE-2016-3076 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-3076 Interim 1 15 2023-02-11T02:20:02Z current 2021-05-30T13:40:19Z 2023-02-11T02:20:02Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-3076 Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2018-May/003980.html E-Mail link for SUSE-SU-2018:1174-1 https://lists.suse.com/pipermail/sle-security-updates/2018-May/003989.html E-Mail link for SUSE-SU-2018:1191-1 https://lists.suse.com/pipermail/sle-security-updates/2019-May/005487.html E-Mail link for SUSE-SU-2019:1321-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 4 SUSE Enterprise Storage 5 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 openSUSE Leap 15.2 openSUSE Tumbleweed python-Pillow-2.7.0-4.3.1 python-Pillow-2.8.1-3.3.1 python-Pillow-2.8.1-4.3.2 python2-Pillow-5.0.0-lp152.4.1 python3-Pillow-3.4.2-1.1 python3-Pillow-5.0.0-lp152.4.1 python3-Pillow-tk-3.4.2-1.1 python36-Pillow-8.3.2-1.2 python36-Pillow-tk-8.3.2-1.2 python38-Pillow-8.3.2-1.2 python38-Pillow-tk-8.3.2-1.2 python39-Pillow-8.3.2-1.2 python39-Pillow-tk-8.3.2-1.2 python-Pillow-2.8.1-4.3.2 as a component of SUSE Enterprise Storage 4 python-Pillow-2.8.1-3.3.1 as a component of SUSE Enterprise Storage 5 python-Pillow-2.7.0-4.3.1 as a component of SUSE OpenStack Cloud 6 python-Pillow-2.8.1-4.3.2 as a component of SUSE OpenStack Cloud 7 python2-Pillow-5.0.0-lp152.4.1 as a component of openSUSE Leap 15.2 python3-Pillow-5.0.0-lp152.4.1 as a component of openSUSE Leap 15.2 python3-Pillow-3.4.2-1.1 as a component of openSUSE Tumbleweed python3-Pillow-tk-3.4.2-1.1 as a component of openSUSE Tumbleweed python36-Pillow-8.3.2-1.2 as a component of openSUSE Tumbleweed python36-Pillow-tk-8.3.2-1.2 as a component of openSUSE Tumbleweed python38-Pillow-8.3.2-1.2 as a component of openSUSE Tumbleweed python38-Pillow-tk-8.3.2-1.2 as a component of openSUSE Tumbleweed python39-Pillow-8.3.2-1.2 as a component of openSUSE Tumbleweed python39-Pillow-tk-8.3.2-1.2 as a component of openSUSE Tumbleweed Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. CVE-2016-3076 SUSE Enterprise Storage 4:python-Pillow-2.8.1-4.3.2 SUSE Enterprise Storage 5:python-Pillow-2.8.1-3.3.1 SUSE OpenStack Cloud 6:python-Pillow-2.7.0-4.3.1 SUSE OpenStack Cloud 7:python-Pillow-2.8.1-4.3.2 openSUSE Leap 15.2:python2-Pillow-5.0.0-lp152.4.1 openSUSE Leap 15.2:python3-Pillow-5.0.0-lp152.4.1 openSUSE Tumbleweed:python3-Pillow-3.4.2-1.1 openSUSE Tumbleweed:python3-Pillow-tk-3.4.2-1.1 openSUSE Tumbleweed:python36-Pillow-8.3.2-1.2 openSUSE Tumbleweed:python36-Pillow-tk-8.3.2-1.2 openSUSE Tumbleweed:python38-Pillow-8.3.2-1.2 openSUSE Tumbleweed:python38-Pillow-tk-8.3.2-1.2 openSUSE Tumbleweed:python39-Pillow-8.3.2-1.2 openSUSE Tumbleweed:python39-Pillow-tk-8.3.2-1.2 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H