22 matches found
Astra Linux – Vulnerability in pillow
Pillow through 10.1.0 allows for arbitrary code execution via the environment parameter. This is a different vulnerability than CVE-2022-22817, which involved the expression parameter...
Astra Linux – Vulnerability in pillow
In Pillow’s PIL.ImageMath.eval before version 9.0.0, it was possible to evaluate arbitrary expressions, including those that used the Python exec method. A lambda expression could also be used...
Linux Distros Unpatched Vulnerability : CVE-2022-22817
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could al...
pillow: Arbitrary Code Execution via the environment parameter
A vulnerability was found in Pillow, a popular Python imaging library. The flaw identified in the PIL.ImageMath.eval function enables arbitrary code execution by manipulating the environment parameter...
pillow: Arbitrary Code Execution via the environment parameter
A vulnerability was found in Pillow, a popular Python imaging library. The flaw identified in the PIL.ImageMath.eval function enables arbitrary code execution by manipulating the environment parameter...
pillow: Arbitrary Code Execution via the environment parameter
A vulnerability was found in Pillow, a popular Python imaging library. The flaw identified in the PIL.ImageMath.eval function enables arbitrary code execution by manipulating the environment parameter...
pillow: Arbitrary Code Execution via the environment parameter
A vulnerability was found in Pillow, a popular Python imaging library. The flaw identified in the PIL.ImageMath.eval function enables arbitrary code execution by manipulating the environment parameter...
pillow: Arbitrary Code Execution via the environment parameter
A vulnerability was found in Pillow, a popular Python imaging library. The flaw identified in the PIL.ImageMath.eval function enables arbitrary code execution by manipulating the environment parameter...
Important: python-pillow
Issue Overview: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter. CVE-2023-50447 Affected Packages: python-pillow Note: This advisory is applicable to Amaz...
The vulnerability of the eval() function in the ImageMath module of the Pillow library allows a hacker to execute arbitrary code.
The vulnerability of the eval function in the ImageMath module of the Pillow library relates to improper code generation during the processing of the environment parameter. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
SUSE CVE-2023-50447
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...
DEBIAN-CVE-2023-50447
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...
PT-2023-8447
Name of the Vulnerable Software and Affected Versions Pillow versions prior to 10.2.0 Description The issue is related to the incorrect management of code generation in the eval function of the ImageMath module in the Pillow library when processing the environment parameter. This can allow a remo...
python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions
A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command...
python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions
A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command...
python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions
A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command...
python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions
A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command...
OESA-2022-1526 python-pillow security update
Python image processing library. Security Fixes: pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.CVE-2022-22816 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec...
The vulnerability of the PIL.ImageMath.eval component in the Python Pillow image processing library, which is related to the use of dangerous methods or functions, allows attackers to execute arbitrary code.
The vulnerability of the PIL.ImageMath.eval function in the Python Pillow library is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the system by sending a specially crafted file to the vulnerable library...
UBUNTU-CVE-2022-22817
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...