CVE-2023-50447

🗓️ 19 Jan 2024 00:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 505 Views

Pillow 10.1.0 allows Arbitrary Code Execution via environment paramete

Reporter	Title	Published	Views	Family All 187
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Command Injection in the RHEL UBI (CVE-2023-50447)	5 Aug 202422:07	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps	28 Feb 202417:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum Discover is vulnerable to security vulnerability in Pillow 9.5.0 (CVE-2023-50447)	2 May 202417:39	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Pillow affects IBM Process Mining CVE-2023-50447	2 Apr 202409:36	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Pillow arbitrary code execution vulnerabilitiy.	6 May 202410:34	–	ibm
IBM Security Bulletins	Security Bulletin: Pillow versions have a Denial of Service vulnerability due to uncontrolled memory allocation in ImageFont's	14 Aug 202409:50	–	ibm
ATTACKERKB	CVE-2023-50447	19 Jan 202420:15	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : python3-pillow, python3-pillow-devel, python3-pillow-tk (ALAS2023-2024-512)	6 Feb 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : python-pillow (ALAS-2024-2444)	6 Feb 202400:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0087: python-pillow (ALINUX3-SA-2024:0087)	14 May 202500:00	–	nessus

NVD

Vulnrichment

Node

python pillowRange≤10.1.0

Node

Source	Link
duartecsantos	www.duartecsantos.github.io/2024-01-02-CVE-2023-50447/
lists	www.lists.debian.org/debian-lts-announce/2024/01/msg00019.html
github	www.github.com/python-pillow/Pillow/releases
devhub	www.devhub.checkmarx.com/cve-details/CVE-2023-50447/
openwall	www.openwall.com/lists/oss-security/2024/01/20/1

21 Nov 2024 08:37Current

9High risk

Vulners AI Score9

CVSS 3.18.1

EPSS0.00754

SSVC