{"id":"CVE-2016-0775","details":"Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.","aliases":["GHSA-8xjv-v9xq-m5h9","PYSEC-2016-6"],"modified":"2026-04-16T06:17:38.324603580Z","published":"2016-04-13T16:59:02.643Z","related":["SUSE-SU-2016:0924-1","SUSE-SU-2016:0935-1","SUSE-SU-2016:1355-1","SUSE-SU-2016:1569-1","SUSE-SU-2020:2057-1","SUSE-SU-2020:2911-1","openSUSE-SU-2024:10511-1","openSUSE-SU-2024:10567-1","openSUSE-SU-2024:11209-1","openSUSE-SU-2024:13827-1"],"references":[{"type":"WEB","url":"https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201612-52"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3499"},{"type":"FIX","url":"https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python-pillow/pillow","events":[{"introduced":"0"},{"last_affected":"fff5536b37c2d619c66c1189b6925fa0a8df3822"},{"introduced":"0"},{"last_affected":"1cecf08d16509c20473766b4cdb7a65169844819"},{"introduced":"0"},{"last_affected":"235a7d6d7deab9555dc2c1b42fdf11243f6080e8"},{"fixed":"893a40850c2d5da41537958e40569c029a6e127b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.1.0"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"8.0"}]}}],"versions":["1.0","1.2","1.7.7","1.7.8","2.0.0","2.1.0","2.2.0","2.2.1","2.3.0","2.5.0","2.7.0","2.8.0","2.8.1","2.9.0","2.9.0.dev0","2.9.0.dev1","2.9.0.dev2","3.1.0","3.1.0-rc1","3.2.0","3.3.0","3.4.0","4.0.0","4.0.0a","4.1.0","4.2.0","4.3.0","5.0.0","5.1.0","5.2.0","5.3.0","5.4.0","6.0.0","6.1.0","6.2.0","7.0.0","7.1.0","7.2.0","8.0.0"],"database_specific":{"vanir_signatures_modified":"2026-04-10T23:47:40Z","vanir_signatures":[{"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"file":"libImaging/FliDecode.c","function":"ImagingFliDecode"},"id":"CVE-2016-0775-83782be4","digest":{"length":3294,"function_hash":"142399850973351246136302585659669407188"},"source":"https://github.com/python-pillow/pillow/commit/893a40850c2d5da41537958e40569c029a6e127b"},{"signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2016-0775-cf487a56","target":{"file":"libImaging/FliDecode.c"},"digest":{"line_hashes":["90415542530029145092862271186996895067","202176769066957516811457500139573314217","82190935524501381203610935653987214236","164613247097927772616828656383705059358"],"threshold":0.9},"source":"https://github.com/python-pillow/pillow/commit/893a40850c2d5da41537958e40569c029a6e127b"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-0775.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}