38 matches found
Astra Linux – Vulnerability in pillow
Pillow through 10.1.0 allows for arbitrary code execution via the environment parameter. This is a different vulnerability than CVE-2022-22817, which involved the expression parameter...
MiracleLinux 8 : python-pillow-5.1.1-18.el8 (AXSA:2022-3080:02)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3080:02 advisory. python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions CVE-2022-22817 python-pillow: buffer over-read during initialization of...
CVE-2022-22817
creationtimestamp| type| source ---|---|--- 2025-07-22 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-203-04...
python311-Pillow-11.1.0-1.1 on GA media (moderate)
python311-Pillow-11.1.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:14645-1 Rating: moderate Cross-References: CVE-2022-22817 CVE-2022-24303 CVE-2022-30595 CVSS scores: CVE-2022-22817 SUSE : 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVE-2022-24303 SUSE : 5.9...
Debian: Security Advisory (DLA-3768-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 8 : python-pillow (RHSA-2024:1059)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1059 advisory. The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representatio...
Updated python-pillow packages fix a security vulnerability
This update fixes the following security issue: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter This is a different vulnerability than CVE-2022-22817 which was about the expression parameter...
Code injection
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...
K23413369: Python-Pillow vulnerabilities CVE-2022-22816, CVE-2022-22817
Security Advisory Description pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. CVE-2022-22816 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2023-1288)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL CORE 5.04 / MAIN 5.04 : python-pillow Multiple Vulnerabilities (NS-SA-2022-0081)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python-pillow packages installed that are affected by multiple vulnerabilities: - pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. CVE-2022-22816 -...
USN-5227-3 pillow vulnerability
USN-5227-1 fixed vulnerabilities in Pillow. It was discovered that the fix for CVE-2022-22817 was incomplete. This update fixes the problem. Original advisory details: It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a...
EulerOS Virtualization 2.10.1 : python-pillow (EulerOS-SA-2022-2065)
According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 - pathgetbbox in path.c ...
Mageia: Security Advisory (MGASA-2022-0166)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2022-1690)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: python-pillow
Issue Overview: A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2022-1583)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2022-1436)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2022-1495)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2022-1457)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...