[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-0775":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":69,"duplicate_of":9,"upstream":72,"downstream":73,"duplicates":106,"related":107,"reserved_at":9,"published_at":119,"modified_at":120,"state":121,"summary":122,"references_raw":131,"kevs":174,"epss":175,"epss_history":178,"metrics":436,"affected":452},"CVE-2016-0775","Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[],[70,71],"GHSA-8xjv-v9xq-m5h9","PYSEC-2016-6",[],[74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104],{"_key":75},"SUSE-SU-2016:0924-1",{"_key":77},"SUSE-SU-2016:0935-1",{"_key":79},"SUSE-SU-2016:1355-1",{"_key":81},"SUSE-SU-2016:1569-1",{"_key":83},"SUSE-SU-2020:2057-1",{"_key":85},"SUSE-SU-2020:2911-1",{"_key":87},"UBUNTU-CVE-2016-0775",{"_key":89},"USN-3090-1",{"_key":91},"OPENSUSE-SU-2024:10511-1",{"_key":93},"OPENSUSE-SU-2024:10567-1",{"_key":95},"OPENSUSE-SU-2024:11209-1",{"_key":97},"OPENSUSE-SU-2024:13827-1",{"_key":99},"DLA-422-1",{"_key":101},"DSA-3499-1",{"_key":103},"MGASA-2016-0066",{"_key":105},"DEBIAN-CVE-2016-0775",[],[108,109,110,111,112,113,114,115,116,117,118],{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":85},{"_key":91},{"_key":93},{"_key":95},{"_key":97},{"_key":103},"2016-04-13T16:00:00.000Z","2024-08-05T22:30:04.755Z","Modified",{"cisa_kev":123,"cisa_ransomware":123,"cisa_vendor":9,"epss_severity":124,"epss_score":125,"severity":126,"severity_score":127,"severity_version":128,"severity_source":129,"severity_vector":130,"severity_status":121},false,"low",0.01069,"medium",6.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",[132,142,148,153,157,161,165,169],{"url":133,"sources":134,"tags":137},"https://security.gentoo.org/glsa/201612-52",[135,129,136],"cve.org","osv_pypi",[138,139,140,141],"Vendor Advisory","X Refsource GENTOO","WEB","Advisory",{"url":143,"sources":144,"tags":145},"https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b",[135,129,136],[146,140,147],"X Refsource CONFIRM","FIX",{"url":149,"sources":150,"tags":151},"http://www.debian.org/security/2016/dsa-3499",[135,129,136],[138,152,140,141],"X Refsource DEBIAN",{"url":154,"sources":155,"tags":156},"https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst",[135,129,136],[146,140],{"url":158,"sources":159,"tags":160},"https://nvd.nist.gov/vuln/detail/CVE-2016-0775",[136],[141],{"url":162,"sources":163,"tags":164},"https://github.com/advisories/GHSA-8xjv-v9xq-m5h9",[136],[141],{"url":166,"sources":167,"tags":168},"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-6.yaml",[136],[140],{"url":170,"sources":171,"tags":172},"https://github.com/python-pillow/Pillow",[136],[173],"PACKAGE",[],{"date":176,"score":125,"percentile":177},"2026-06-04",0.78068,[179,183,186,189,192,195,198,201,204,207,210,213,216,219,222,225,228,231,234,237,240,242,245,248,251,254,257,259,262,265,268,270,273,276,279,282,285,288,291,294,297,299,301,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,366,368,371,374,376,379,381,384,387,390,393,396,399,402,405,407,409,412,415,418,421,423,426,428,430,433],{"date":180,"score":181,"percentile":182},"2025-11-04",0.01369,0.7958,{"date":184,"score":181,"percentile":185},"2025-11-05",0.79581,{"date":187,"score":181,"percentile":188},"2025-11-06",0.79584,{"date":190,"score":181,"percentile":191},"2025-11-07",0.79596,{"date":193,"score":181,"percentile":194},"2025-11-08",0.79603,{"date":196,"score":181,"percentile":197},"2025-11-09",0.79599,{"date":199,"score":181,"percentile":200},"2025-11-10",0.79589,{"date":202,"score":181,"percentile":203},"2025-11-11",0.79592,{"date":205,"score":181,"percentile":206},"2025-11-12",0.79607,{"date":208,"score":181,"percentile":209},"2025-11-13",0.79616,{"date":211,"score":181,"percentile":212},"2025-11-14",0.79622,{"date":214,"score":181,"percentile":215},"2025-11-15",0.7962,{"date":217,"score":181,"percentile":218},"2025-11-16",0.79621,{"date":220,"score":181,"percentile":221},"2025-11-17",0.79618,{"date":223,"score":181,"percentile":224},"2025-11-18",0.78555,{"date":226,"score":181,"percentile":227},"2025-11-19",0.78563,{"date":229,"score":181,"percentile":230},"2025-11-20",0.78572,{"date":232,"score":181,"percentile":233},"2025-11-21",0.79639,{"date":235,"score":181,"percentile":236},"2025-11-22",0.79644,{"date":238,"score":181,"percentile":239},"2025-11-23",0.79635,{"date":241,"score":181,"percentile":239},"2025-11-24",{"date":243,"score":181,"percentile":244},"2025-11-25",0.79636,{"date":246,"score":181,"percentile":247},"2025-11-26",0.79638,{"date":249,"score":181,"percentile":250},"2025-11-27",0.7964,{"date":252,"score":181,"percentile":253},"2025-11-28",0.79633,{"date":255,"score":181,"percentile":256},"2025-11-29",0.79637,{"date":258,"score":181,"percentile":244},"2025-11-30",{"date":260,"score":181,"percentile":261},"2025-12-01",0.79728,{"date":263,"score":181,"percentile":264},"2025-12-02",0.79731,{"date":266,"score":181,"percentile":267},"2025-12-03",0.79732,{"date":269,"score":181,"percentile":233},"2025-12-04",{"date":271,"score":181,"percentile":272},"2025-12-05",0.79642,{"date":274,"score":181,"percentile":275},"2025-12-06",0.79645,{"date":277,"score":181,"percentile":278},"2025-12-07",0.79647,{"date":280,"score":181,"percentile":281},"2025-12-08",0.7965,{"date":283,"score":181,"percentile":284},"2025-12-09",0.79666,{"date":286,"score":181,"percentile":287},"2025-12-10",0.79691,{"date":289,"score":181,"percentile":290},"2025-12-11",0.79704,{"date":292,"score":181,"percentile":293},"2025-12-12",0.79722,{"date":295,"score":181,"percentile":296},"2025-12-13",0.79724,{"date":298,"score":181,"percentile":296},"2025-12-14",{"date":300,"score":181,"percentile":293},"2025-12-15",{"date":302,"score":181,"percentile":264},"2025-12-16",{"date":304,"score":181,"percentile":305},"2025-12-17",0.79741,{"date":307,"score":181,"percentile":308},"2025-12-18",0.7976,{"date":310,"score":181,"percentile":311},"2025-12-19",0.79769,{"date":313,"score":181,"percentile":314},"2025-12-20",0.79762,{"date":316,"score":181,"percentile":317},"2025-12-21",0.79754,{"date":319,"score":181,"percentile":320},"2025-12-22",0.79755,{"date":322,"score":181,"percentile":323},"2025-12-23",0.79756,{"date":325,"score":181,"percentile":326},"2025-12-24",0.79771,{"date":328,"score":181,"percentile":329},"2025-12-25",0.79793,{"date":331,"score":181,"percentile":332},"2025-12-26",0.79788,{"date":334,"score":181,"percentile":335},"2025-12-27",0.79831,{"date":337,"score":181,"percentile":338},"2025-12-28",0.79777,{"date":340,"score":181,"percentile":341},"2025-12-29",0.79774,{"date":343,"score":181,"percentile":344},"2025-12-30",0.79779,{"date":346,"score":181,"percentile":347},"2025-12-31",0.79792,{"date":349,"score":181,"percentile":350},"2026-01-01",0.79882,{"date":352,"score":181,"percentile":353},"2026-01-02",0.7988,{"date":355,"score":181,"percentile":356},"2026-01-03",0.79878,{"date":358,"score":181,"percentile":359},"2026-01-04",0.79782,{"date":361,"score":181,"percentile":362},"2026-01-05",0.7978,{"date":364,"score":181,"percentile":365},"2026-01-06",0.79783,{"date":367,"score":181,"percentile":332},"2026-01-07",{"date":369,"score":181,"percentile":370},"2026-01-08",0.79797,{"date":372,"score":181,"percentile":373},"2026-01-09",0.79798,{"date":375,"score":181,"percentile":370},"2026-01-10",{"date":377,"score":181,"percentile":378},"2026-01-11",0.7979,{"date":380,"score":181,"percentile":341},"2026-01-12",{"date":382,"score":181,"percentile":383},"2026-01-13",0.79772,{"date":385,"score":125,"percentile":386},"2026-01-14",0.77262,{"date":388,"score":125,"percentile":389},"2026-01-15",0.77265,{"date":391,"score":125,"percentile":392},"2026-01-16",0.77273,{"date":394,"score":125,"percentile":395},"2026-01-17",0.77276,{"date":397,"score":125,"percentile":398},"2026-01-18",0.77269,{"date":400,"score":125,"percentile":401},"2026-01-19",0.77264,{"date":403,"score":125,"percentile":404},"2026-01-20",0.77258,{"date":406,"score":125,"percentile":401},"2026-01-21",{"date":408,"score":125,"percentile":398},"2026-01-22",{"date":410,"score":125,"percentile":411},"2026-01-23",0.77299,{"date":413,"score":125,"percentile":414},"2026-01-24",0.7731,{"date":416,"score":125,"percentile":417},"2026-01-25",0.77301,{"date":419,"score":125,"percentile":420},"2026-01-26",0.77297,{"date":422,"score":125,"percentile":411},"2026-01-27",{"date":424,"score":125,"percentile":425},"2026-01-28",0.77305,{"date":427,"score":125,"percentile":411},"2026-01-29",{"date":429,"score":125,"percentile":425},"2026-01-30",{"date":431,"score":125,"percentile":432},"2026-01-31",0.77304,{"date":434,"score":125,"percentile":435},"2026-02-01",0.77415,[437,447],{"source":129,"cvss_v2_0":438,"cvss_v3_0":443,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":439,"baseSeverity":9,"vectorString":440,"impactScore":441,"exploitabilityScore":442},4.3,"AV:N/AC:M/Au:N/C:N/I:N/A:P",2.9,8.6,{"baseScore":127,"baseSeverity":444,"vectorString":130,"impactScore":445,"exploitabilityScore":446},"MEDIUM",6,7.2,{"source":136,"cvss_v2_0":9,"cvss_v3_0":448,"cvss_v3_1":9,"cvss_v4_0":449},{"baseScore":127,"baseSeverity":9,"vectorString":130,"impactScore":445,"exploitabilityScore":446},{"baseScore":450,"baseSeverity":9,"vectorString":451,"impactScore":9,"exploitabilityScore":9},7.1,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",[453,464,478],{"ecosystem":9,"name":454,"vendor":455,"product":456,"cpe_part":457,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":458},"debian linux","debian","debian_linux","o",[459,462],{"version":460,"is_range":123,"range_type":461,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0","cpe",{"version":463,"is_range":123,"range_type":461,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"ecosystem":465,"name":466,"vendor":465,"product":466,"cpe_part":9,"purl_type":467,"purl_namespace":9,"purl_name":466,"source":9,"versions":468},"PyPI","pillow","pypi",[469,475],{"version":470,"is_range":471,"range_type":472,"version_start":9,"version_start_type":9,"version_end":473,"version_end_type":474,"fixed_in":9},"lt893a40850c2d5da41537958e40569c029a6e127b",true,"ecosystem","893a40850c2d5da41537958e40569c029a6e127b","excluding",{"version":476,"is_range":471,"range_type":472,"version_start":9,"version_start_type":9,"version_end":477,"version_end_type":474,"fixed_in":9},"lt3_1_1","3.1.1",{"ecosystem":9,"name":466,"vendor":479,"product":466,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":481},"python","a",[482],{"version":483,"is_range":471,"range_type":461,"version_start":9,"version_start_type":9,"version_end":484,"version_end_type":485,"fixed_in":9},"lte3.1.0","3.1.0","including"]