{"id":"CVE-2016-0740","details":"Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.","aliases":["GHSA-hggx-3h72-49ww","PYSEC-2016-5"],"modified":"2026-07-08T12:35:39.185051Z","published":"2016-04-13T16:59:01.377Z","related":["SUSE-SU-2016:0924-1","SUSE-SU-2016:0935-1","SUSE-SU-2016:1355-1","SUSE-SU-2016:1569-1","openSUSE-SU-2024:10511-1","openSUSE-SU-2024:10567-1","openSUSE-SU-2024:11209-1","openSUSE-SU-2024:13827-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_STRING","cpes":["cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux","extracted_events":[{"introduced":"7.0"},{"last_affected":"7.0"},{"introduced":"8.0"},{"last_affected":"8.0"}]}]},"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3499"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201612-52"},{"type":"FIX","url":"https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst"},{"type":"FIX","url":"https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python-pillow/pillow","events":[{"introduced":"0"},{"last_affected":"fff5536b37c2d619c66c1189b6925fa0a8df3822"},{"fixed":"6dcbf5bd96b717c58d7b642949da8d323099928e"}],"database_specific":{"source":["CPE_RANGE","REFERENCES"],"cpe":"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"3.1.0"}]}}],"versions":["3.1.0","3.1.0-rc1","2.9.0","2.9.0.dev2","2.9.0.dev1","2.9.0.dev0","2.8.1","2.8.0","2.7.0","2.5.0","2.3.0","2.2.1","2.2.0","2.1.0","2.0.0","1.7.8","1.7.7","1.2","1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-0740.json","vanir_signatures_modified":"2026-07-08T12:35:39Z","vanir_signatures":[{"source":"https://github.com/python-pillow/pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e","digest":{"threshold":0.9,"line_hashes":["29574709106573506672061254354930231163","177000773178755356185921572642180068015","218009138334723425649690001430230240593","165989606112090444130397288823962577566"]},"signature_version":"v1","deprecated":false,"id":"CVE-2016-0740-b7d6454e","target":{"file":"libImaging/TiffDecode.c"},"signature_type":"Line"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}