[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-0740":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":69,"duplicate_of":9,"upstream":72,"downstream":73,"duplicates":100,"related":101,"reserved_at":9,"published_at":111,"modified_at":112,"state":113,"summary":114,"references_raw":123,"kevs":167,"epss":168,"epss_history":171,"metrics":437,"affected":453},"CVE-2016-0740","Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[],[70,71],"GHSA-hggx-3h72-49ww","PYSEC-2016-5",[],[74,76,78,80,82,84,86,88,90,92,94,96,98],{"_key":75},"SUSE-SU-2016:0924-1",{"_key":77},"SUSE-SU-2016:0935-1",{"_key":79},"SUSE-SU-2016:1355-1",{"_key":81},"SUSE-SU-2016:1569-1",{"_key":83},"UBUNTU-CVE-2016-0740",{"_key":85},"USN-3090-1",{"_key":87},"OPENSUSE-SU-2024:10511-1",{"_key":89},"OPENSUSE-SU-2024:10567-1",{"_key":91},"OPENSUSE-SU-2024:11209-1",{"_key":93},"OPENSUSE-SU-2024:13827-1",{"_key":95},"DSA-3499-1",{"_key":97},"MGASA-2016-0066",{"_key":99},"DEBIAN-CVE-2016-0740",[],[102,103,104,105,106,107,108,109,110],{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":87},{"_key":89},{"_key":91},{"_key":93},{"_key":97},"2016-04-13T16:00:00.000Z","2024-08-05T22:30:03.984Z","Modified",{"cisa_kev":115,"cisa_ransomware":115,"cisa_vendor":9,"epss_severity":116,"epss_score":117,"severity":118,"severity_score":119,"severity_version":120,"severity_source":121,"severity_vector":122,"severity_status":113},false,"low",0.00146,"medium",6.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",[124,134,139,145,150,154,158,162],{"url":125,"sources":126,"tags":129},"https://security.gentoo.org/glsa/201612-52",[127,121,128],"cve.org","osv_pypi",[130,131,132,133],"Vendor Advisory","X Refsource GENTOO","WEB","Advisory",{"url":135,"sources":136,"tags":137},"http://www.debian.org/security/2016/dsa-3499",[127,121,128],[130,138,132,133],"X Refsource DEBIAN",{"url":140,"sources":141,"tags":142},"https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e",[127,121,128],[143,132,144],"X Refsource CONFIRM","FIX",{"url":146,"sources":147,"tags":148},"https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst",[127,121,128],[143,149,130,132],"Patch",{"url":151,"sources":152,"tags":153},"https://nvd.nist.gov/vuln/detail/CVE-2016-0740",[128],[133],{"url":155,"sources":156,"tags":157},"https://github.com/advisories/GHSA-hggx-3h72-49ww",[128],[133],{"url":159,"sources":160,"tags":161},"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-5.yaml",[128],[132],{"url":163,"sources":164,"tags":165},"https://github.com/python-pillow/Pillow",[128],[166],"PACKAGE",[],{"date":169,"score":117,"percentile":170},"2026-06-04",0.34672,[172,176,179,182,185,188,191,194,197,199,202,205,207,210,213,216,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,282,285,288,291,294,297,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,365,368,370,373,376,378,380,384,387,390,393,396,399,402,405,408,411,414,417,419,422,425,428,431,434],{"date":173,"score":174,"percentile":175},"2025-11-04",0.00274,0.50572,{"date":177,"score":174,"percentile":178},"2025-11-05",0.50556,{"date":180,"score":174,"percentile":181},"2025-11-06",0.50567,{"date":183,"score":174,"percentile":184},"2025-11-07",0.50591,{"date":186,"score":174,"percentile":187},"2025-11-08",0.50592,{"date":189,"score":174,"percentile":190},"2025-11-09",0.50581,{"date":192,"score":174,"percentile":193},"2025-11-10",0.50549,{"date":195,"score":174,"percentile":196},"2025-11-11",0.50566,{"date":198,"score":174,"percentile":184},"2025-11-12",{"date":200,"score":174,"percentile":201},"2025-11-13",0.50596,{"date":203,"score":174,"percentile":204},"2025-11-14",0.50603,{"date":206,"score":174,"percentile":201},"2025-11-15",{"date":208,"score":174,"percentile":209},"2025-11-16",0.50576,{"date":211,"score":174,"percentile":212},"2025-11-17",0.50553,{"date":214,"score":174,"percentile":215},"2025-11-18",0.47756,{"date":217,"score":174,"percentile":218},"2025-11-19",0.47771,{"date":220,"score":174,"percentile":221},"2025-11-20",0.47752,{"date":223,"score":174,"percentile":224},"2025-11-21",0.50562,{"date":226,"score":174,"percentile":227},"2025-11-22",0.50555,{"date":229,"score":174,"percentile":230},"2025-11-23",0.50516,{"date":232,"score":174,"percentile":233},"2025-11-24",0.50505,{"date":235,"score":174,"percentile":236},"2025-11-25",0.50513,{"date":238,"score":174,"percentile":239},"2025-11-26",0.50504,{"date":241,"score":174,"percentile":242},"2025-11-27",0.5051,{"date":244,"score":117,"percentile":245},"2025-11-28",0.3552,{"date":247,"score":117,"percentile":248},"2025-11-29",0.35501,{"date":250,"score":117,"percentile":251},"2025-11-30",0.35486,{"date":253,"score":117,"percentile":254},"2025-12-01",0.35592,{"date":256,"score":117,"percentile":257},"2025-12-02",0.356,{"date":259,"score":117,"percentile":260},"2025-12-03",0.35598,{"date":262,"score":117,"percentile":263},"2025-12-04",0.35481,{"date":265,"score":117,"percentile":266},"2025-12-05",0.35512,{"date":268,"score":117,"percentile":269},"2025-12-06",0.35508,{"date":271,"score":117,"percentile":272},"2025-12-07",0.35479,{"date":274,"score":117,"percentile":275},"2025-12-08",0.35491,{"date":277,"score":117,"percentile":278},"2025-12-09",0.35528,{"date":280,"score":117,"percentile":281},"2025-12-10",0.35584,{"date":283,"score":117,"percentile":284},"2025-12-11",0.35612,{"date":286,"score":117,"percentile":287},"2025-12-12",0.35642,{"date":289,"score":117,"percentile":290},"2025-12-13",0.3562,{"date":292,"score":117,"percentile":293},"2025-12-14",0.35591,{"date":295,"score":117,"percentile":296},"2025-12-15",0.35552,{"date":298,"score":117,"percentile":299},"2025-12-16",0.3558,{"date":301,"score":117,"percentile":302},"2025-12-17",0.35629,{"date":304,"score":117,"percentile":305},"2025-12-18",0.35673,{"date":307,"score":117,"percentile":308},"2025-12-19",0.35693,{"date":310,"score":117,"percentile":311},"2025-12-20",0.35675,{"date":313,"score":117,"percentile":314},"2025-12-21",0.35624,{"date":316,"score":117,"percentile":317},"2025-12-22",0.35599,{"date":319,"score":117,"percentile":320},"2025-12-23",0.35595,{"date":322,"score":117,"percentile":323},"2025-12-24",0.35588,{"date":325,"score":117,"percentile":326},"2025-12-25",0.35651,{"date":328,"score":117,"percentile":329},"2025-12-26",0.35633,{"date":331,"score":117,"percentile":332},"2025-12-27",0.35649,{"date":334,"score":117,"percentile":335},"2025-12-28",0.35555,{"date":337,"score":117,"percentile":338},"2025-12-29",0.35526,{"date":340,"score":117,"percentile":341},"2025-12-30",0.35517,{"date":343,"score":117,"percentile":344},"2025-12-31",0.35575,{"date":346,"score":117,"percentile":347},"2026-01-01",0.35716,{"date":349,"score":117,"percentile":350},"2026-01-02",0.35709,{"date":352,"score":117,"percentile":353},"2026-01-03",0.35694,{"date":355,"score":117,"percentile":356},"2026-01-04",0.35542,{"date":358,"score":117,"percentile":359},"2026-01-05",0.35524,{"date":361,"score":117,"percentile":362},"2026-01-06",0.35536,{"date":364,"score":117,"percentile":335},"2026-01-07",{"date":366,"score":117,"percentile":367},"2026-01-08",0.35583,{"date":369,"score":117,"percentile":299},"2026-01-09",{"date":371,"score":117,"percentile":372},"2026-01-10",0.35582,{"date":374,"score":117,"percentile":375},"2026-01-11",0.35562,{"date":377,"score":117,"percentile":248},"2026-01-12",{"date":379,"score":117,"percentile":251},"2026-01-13",{"date":381,"score":382,"percentile":383},"2026-01-14",0.00148,0.35771,{"date":385,"score":382,"percentile":386},"2026-01-15",0.35758,{"date":388,"score":382,"percentile":389},"2026-01-16",0.35777,{"date":391,"score":382,"percentile":392},"2026-01-17",0.3576,{"date":394,"score":382,"percentile":395},"2026-01-18",0.35703,{"date":397,"score":382,"percentile":398},"2026-01-19",0.35664,{"date":400,"score":382,"percentile":401},"2026-01-20",0.35645,{"date":403,"score":382,"percentile":404},"2026-01-21",0.35625,{"date":406,"score":382,"percentile":407},"2026-01-22",0.35611,{"date":409,"score":382,"percentile":410},"2026-01-23",0.35667,{"date":412,"score":382,"percentile":413},"2026-01-24",0.35678,{"date":415,"score":382,"percentile":416},"2026-01-25",0.35623,{"date":418,"score":382,"percentile":335},"2026-01-26",{"date":420,"score":382,"percentile":421},"2026-01-27",0.3555,{"date":423,"score":382,"percentile":424},"2026-01-28",0.35529,{"date":426,"score":382,"percentile":427},"2026-01-29",0.355,{"date":429,"score":382,"percentile":430},"2026-01-30",0.35494,{"date":432,"score":382,"percentile":433},"2026-01-31",0.35504,{"date":435,"score":382,"percentile":436},"2026-02-01",0.35614,[438,448],{"source":121,"cvss_v2_0":439,"cvss_v3_0":444,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":440,"baseSeverity":9,"vectorString":441,"impactScore":442,"exploitabilityScore":443},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":119,"baseSeverity":445,"vectorString":122,"impactScore":446,"exploitabilityScore":447},"MEDIUM",6,7.2,{"source":128,"cvss_v2_0":9,"cvss_v3_0":449,"cvss_v3_1":9,"cvss_v4_0":450},{"baseScore":119,"baseSeverity":9,"vectorString":122,"impactScore":446,"exploitabilityScore":447},{"baseScore":451,"baseSeverity":9,"vectorString":452,"impactScore":9,"exploitabilityScore":9},6.9,"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",[454,465,479],{"ecosystem":9,"name":455,"vendor":456,"product":457,"cpe_part":458,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":459},"debian linux","debian","debian_linux","o",[460,463],{"version":461,"is_range":115,"range_type":462,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0","cpe",{"version":464,"is_range":115,"range_type":462,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"ecosystem":466,"name":467,"vendor":466,"product":467,"cpe_part":9,"purl_type":468,"purl_namespace":9,"purl_name":467,"source":9,"versions":469},"PyPI","pillow","pypi",[470,476],{"version":471,"is_range":472,"range_type":473,"version_start":9,"version_start_type":9,"version_end":474,"version_end_type":475,"fixed_in":9},"lt6dcbf5bd96b717c58d7b642949da8d323099928e",true,"ecosystem","6dcbf5bd96b717c58d7b642949da8d323099928e","excluding",{"version":477,"is_range":472,"range_type":473,"version_start":9,"version_start_type":9,"version_end":478,"version_end_type":475,"fixed_in":9},"lt3_1_1","3.1.1",{"ecosystem":9,"name":467,"vendor":480,"product":467,"cpe_part":481,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":482},"python","a",[483],{"version":484,"is_range":472,"range_type":462,"version_start":9,"version_start_type":9,"version_end":485,"version_end_type":486,"fixed_in":9},"lte3.1.0","3.1.0","including"]