[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-2533":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":69,"duplicate_of":9,"upstream":72,"downstream":73,"duplicates":88,"related":89,"reserved_at":9,"published_at":92,"modified_at":93,"state":94,"summary":95,"references_raw":104,"kevs":173,"epss":174,"epss_history":177,"metrics":438,"affected":454},"CVE-2016-2533","Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[],[70,71],"GHSA-3c5c-7235-994j","PYSEC-2016-19",[],[74,76,78,80,82,84,86],{"_key":75},"SUSE-SU-2019:2334-1",{"_key":77},"SUSE-SU-2020:1194-1",{"_key":79},"UBUNTU-CVE-2016-2533",{"_key":81},"USN-3090-1",{"_key":83},"DLA-422-1",{"_key":85},"DSA-3499-1",{"_key":87},"DEBIAN-CVE-2016-2533",[],[90,91],{"_key":75},{"_key":77},"2016-04-13T16:00:00.000Z","2024-08-05T23:32:20.626Z","Modified",{"cisa_kev":96,"cisa_ransomware":96,"cisa_vendor":9,"epss_severity":97,"epss_score":98,"severity":99,"severity_score":100,"severity_version":101,"severity_source":102,"severity_vector":103,"severity_status":94},false,"low",0.02207,"medium",6.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",[105,115,121,127,132,136,140,144,148,152,156,160,164,169],{"url":106,"sources":107,"tags":110},"https://security.gentoo.org/glsa/201612-52",[108,102,109],"cve.org","osv_pypi",[111,112,113,114],"Vendor Advisory","X Refsource GENTOO","WEB","Advisory",{"url":116,"sources":117,"tags":118},"http://www.openwall.com/lists/oss-security/2016/02/22/2",[108,102,109],[119,120,113],"Mailing List","X Refsource MLIST",{"url":122,"sources":123,"tags":124},"https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b",[108,102,109],[125,113,126],"X Refsource CONFIRM","FIX",{"url":128,"sources":129,"tags":130},"http://www.debian.org/security/2016/dsa-3499",[108,102,109],[111,131,113,114],"X Refsource DEBIAN",{"url":133,"sources":134,"tags":135},"http://www.openwall.com/lists/oss-security/2016/02/02/5",[108,102,109],[119,120,113],{"url":137,"sources":138,"tags":139},"https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b",[108,102,109],[125,113,126],{"url":141,"sources":142,"tags":143},"https://github.com/python-pillow/Pillow/pull/1706",[108,102,109],[125,113],{"url":145,"sources":146,"tags":147},"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",[108,102,109],[125,113],{"url":149,"sources":150,"tags":151},"https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst",[108,102,109],[125,111,113],{"url":153,"sources":154,"tags":155},"https://nvd.nist.gov/vuln/detail/CVE-2016-2533",[109],[114],{"url":157,"sources":158,"tags":159},"https://github.com/advisories/GHSA-3c5c-7235-994j",[109],[114],{"url":161,"sources":162,"tags":163},"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-19.yaml",[109],[113],{"url":165,"sources":166,"tags":167},"https://github.com/python-pillow/Pillow",[109],[168],"PACKAGE",{"url":170,"sources":171,"tags":172},"https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst?plain=1#L53",[109],[113],[],{"date":175,"score":98,"percentile":176},"2026-06-04",0.84755,[178,182,184,187,190,193,196,198,201,204,207,210,213,216,219,222,225,228,231,234,237,240,243,246,248,250,252,255,258,261,264,266,269,272,275,277,280,283,286,289,292,295,298,301,303,306,309,312,314,317,320,323,326,328,331,334,337,340,343,346,349,352,355,358,361,364,367,370,373,376,379,382,386,389,392,395,398,401,404,407,410,413,416,419,421,424,426,429,432,435],{"date":179,"score":180,"percentile":181},"2025-11-04",0.01184,0.78099,{"date":183,"score":180,"percentile":181},"2025-11-05",{"date":185,"score":180,"percentile":186},"2025-11-06",0.78096,{"date":188,"score":180,"percentile":189},"2025-11-07",0.7811,{"date":191,"score":180,"percentile":192},"2025-11-08",0.78116,{"date":194,"score":180,"percentile":195},"2025-11-09",0.78111,{"date":197,"score":180,"percentile":181},"2025-11-10",{"date":199,"score":180,"percentile":200},"2025-11-11",0.781,{"date":202,"score":180,"percentile":203},"2025-11-12",0.78117,{"date":205,"score":180,"percentile":206},"2025-11-13",0.78126,{"date":208,"score":180,"percentile":209},"2025-11-14",0.78136,{"date":211,"score":180,"percentile":212},"2025-11-15",0.78133,{"date":214,"score":180,"percentile":215},"2025-11-16",0.78137,{"date":217,"score":180,"percentile":218},"2025-11-17",0.7813,{"date":220,"score":180,"percentile":221},"2025-11-18",0.76969,{"date":223,"score":180,"percentile":224},"2025-11-19",0.76976,{"date":226,"score":180,"percentile":227},"2025-11-20",0.76985,{"date":229,"score":180,"percentile":230},"2025-11-21",0.78158,{"date":232,"score":180,"percentile":233},"2025-11-22",0.78159,{"date":235,"score":180,"percentile":236},"2025-11-23",0.78148,{"date":238,"score":180,"percentile":239},"2025-11-24",0.78146,{"date":241,"score":180,"percentile":242},"2025-11-25",0.78151,{"date":244,"score":180,"percentile":245},"2025-11-26",0.78155,{"date":247,"score":180,"percentile":230},"2025-11-27",{"date":249,"score":180,"percentile":236},"2025-11-28",{"date":251,"score":180,"percentile":245},"2025-11-29",{"date":253,"score":180,"percentile":254},"2025-11-30",0.78153,{"date":256,"score":180,"percentile":257},"2025-12-01",0.78252,{"date":259,"score":180,"percentile":260},"2025-12-02",0.78259,{"date":262,"score":180,"percentile":263},"2025-12-03",0.78255,{"date":265,"score":180,"percentile":242},"2025-12-04",{"date":267,"score":180,"percentile":268},"2025-12-05",0.78157,{"date":270,"score":180,"percentile":271},"2025-12-06",0.7816,{"date":273,"score":180,"percentile":274},"2025-12-07",0.78154,{"date":276,"score":180,"percentile":230},"2025-12-08",{"date":278,"score":180,"percentile":279},"2025-12-09",0.78176,{"date":281,"score":180,"percentile":282},"2025-12-10",0.782,{"date":284,"score":180,"percentile":285},"2025-12-11",0.78216,{"date":287,"score":180,"percentile":288},"2025-12-12",0.78234,{"date":290,"score":180,"percentile":291},"2025-12-13",0.78235,{"date":293,"score":180,"percentile":294},"2025-12-14",0.78232,{"date":296,"score":180,"percentile":297},"2025-12-15",0.78231,{"date":299,"score":180,"percentile":300},"2025-12-16",0.78243,{"date":302,"score":180,"percentile":257},"2025-12-17",{"date":304,"score":180,"percentile":305},"2025-12-18",0.78267,{"date":307,"score":180,"percentile":308},"2025-12-19",0.78277,{"date":310,"score":180,"percentile":311},"2025-12-20",0.78273,{"date":313,"score":180,"percentile":305},"2025-12-21",{"date":315,"score":180,"percentile":316},"2025-12-22",0.7827,{"date":318,"score":180,"percentile":319},"2025-12-23",0.78272,{"date":321,"score":180,"percentile":322},"2025-12-24",0.78284,{"date":324,"score":180,"percentile":325},"2025-12-25",0.78305,{"date":327,"score":180,"percentile":325},"2025-12-26",{"date":329,"score":180,"percentile":330},"2025-12-27",0.78353,{"date":332,"score":180,"percentile":333},"2025-12-28",0.78294,{"date":335,"score":180,"percentile":336},"2025-12-29",0.78292,{"date":338,"score":180,"percentile":339},"2025-12-30",0.78298,{"date":341,"score":180,"percentile":342},"2025-12-31",0.78311,{"date":344,"score":180,"percentile":345},"2026-01-01",0.78423,{"date":347,"score":180,"percentile":348},"2026-01-02",0.78424,{"date":350,"score":180,"percentile":351},"2026-01-03",0.78421,{"date":353,"score":180,"percentile":354},"2026-01-04",0.78313,{"date":356,"score":180,"percentile":357},"2026-01-05",0.78307,{"date":359,"score":180,"percentile":360},"2026-01-06",0.78316,{"date":362,"score":180,"percentile":363},"2026-01-07",0.78324,{"date":365,"score":180,"percentile":366},"2026-01-08",0.78333,{"date":368,"score":180,"percentile":369},"2026-01-09",0.78336,{"date":371,"score":180,"percentile":372},"2026-01-10",0.78338,{"date":374,"score":180,"percentile":375},"2026-01-11",0.78331,{"date":377,"score":180,"percentile":378},"2026-01-12",0.78318,{"date":380,"score":180,"percentile":381},"2026-01-13",0.78314,{"date":383,"score":384,"percentile":385},"2026-01-14",0.01278,0.79122,{"date":387,"score":384,"percentile":388},"2026-01-15",0.79124,{"date":390,"score":384,"percentile":391},"2026-01-16",0.7913,{"date":393,"score":384,"percentile":394},"2026-01-17",0.79139,{"date":396,"score":384,"percentile":397},"2026-01-18",0.79135,{"date":399,"score":384,"percentile":400},"2026-01-19",0.79127,{"date":402,"score":384,"percentile":403},"2026-01-20",0.79125,{"date":405,"score":384,"percentile":406},"2026-01-21",0.79131,{"date":408,"score":384,"percentile":409},"2026-01-22",0.79142,{"date":411,"score":384,"percentile":412},"2026-01-23",0.79169,{"date":414,"score":384,"percentile":415},"2026-01-24",0.7918,{"date":417,"score":384,"percentile":418},"2026-01-25",0.79172,{"date":420,"score":384,"percentile":412},"2026-01-26",{"date":422,"score":384,"percentile":423},"2026-01-27",0.79167,{"date":425,"score":384,"percentile":423},"2026-01-28",{"date":427,"score":384,"percentile":428},"2026-01-29",0.79164,{"date":430,"score":384,"percentile":431},"2026-01-30",0.79166,{"date":433,"score":384,"percentile":434},"2026-01-31",0.7917,{"date":436,"score":384,"percentile":437},"2026-02-01",0.79266,[439,449],{"source":102,"cvss_v2_0":440,"cvss_v3_0":445,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":441,"baseSeverity":9,"vectorString":442,"impactScore":443,"exploitabilityScore":444},4.3,"AV:N/AC:M/Au:N/C:N/I:N/A:P",2.9,8.6,{"baseScore":100,"baseSeverity":446,"vectorString":103,"impactScore":447,"exploitabilityScore":448},"MEDIUM",6,7.2,{"source":109,"cvss_v2_0":9,"cvss_v3_0":450,"cvss_v3_1":9,"cvss_v4_0":451},{"baseScore":100,"baseSeverity":9,"vectorString":103,"impactScore":447,"exploitabilityScore":448},{"baseScore":452,"baseSeverity":9,"vectorString":453,"impactScore":9,"exploitabilityScore":9},7.1,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",[455,466,480,490],{"ecosystem":9,"name":456,"vendor":457,"product":458,"cpe_part":459,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":460},"debian linux","debian","debian_linux","o",[461,464],{"version":462,"is_range":96,"range_type":463,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0","cpe",{"version":465,"is_range":96,"range_type":463,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"ecosystem":467,"name":468,"vendor":467,"product":468,"cpe_part":9,"purl_type":469,"purl_namespace":9,"purl_name":468,"source":9,"versions":470},"PyPI","pillow","pypi",[471,477],{"version":472,"is_range":473,"range_type":474,"version_start":9,"version_start_type":9,"version_end":475,"version_end_type":476,"fixed_in":9},"lt3_1_1",true,"ecosystem","3.1.1","excluding",{"version":478,"is_range":473,"range_type":474,"version_start":9,"version_start_type":9,"version_end":479,"version_end_type":476,"fixed_in":9},"ltae453aa18b66af54e7ff716f4ccb33adca60afd4","ae453aa18b66af54e7ff716f4ccb33adca60afd4",{"ecosystem":9,"name":481,"vendor":482,"product":483,"cpe_part":484,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":485},"python imaging","python_imaging_project","python_imaging","a",[486],{"version":487,"is_range":473,"range_type":463,"version_start":9,"version_start_type":9,"version_end":488,"version_end_type":489,"fixed_in":9},"lte1.1.7","1.1.7","including",{"ecosystem":9,"name":468,"vendor":491,"product":468,"cpe_part":484,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":492},"python",[493],{"version":494,"is_range":473,"range_type":463,"version_start":9,"version_start_type":9,"version_end":495,"version_end_type":489,"fixed_in":9},"lte3.1.0","3.1.0"]