51 matches found

Tenable Nessus
added 2022/04/18 12:0 a.m. | 42 views

EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2022-1457)

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 - path_getbbox in path.c in Pillow befor...

9.8 CVSS | 7.3 AI score | 0.02781 EPSS
Exploits 0 | References 4
RedHat Linux
added 2022/02/24 9:55 a.m. | 1 views

python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c

A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to gain unauthorized memory access that causes memory access errors, incorrect results, or crashes...

6.5 CVSS | 5.9 AI score | 0.00137 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2022/02/24 12:0 a.m. | 25 views

RHEL 8 : python-pillow (RHSA-2022:0665)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0665 advisory. The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal...

9.8 CVSS | 7.4 AI score | 0.02781 EPSS
Exploits 0 | References 6
Tenable Nessus
added 2022/02/24 12:0 a.m. | 29 views

RHEL 8 : python-pillow (RHSA-2022:0669)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0669 advisory. The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal...

9.8 CVSS | 7.4 AI score | 0.02781 EPSS
Exploits 0 | References 6
Rockylinux
added 2022/02/22 5:25 p.m. | 41 views

python-pillow security update

An update is available for python-pillow. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-pillow packages contain a Python image processing library th...

9.8 CVSS | 8.5 AI score | 0.02781 EPSS
Exploits 0
OSV
added 2022/02/14 11:3 a.m. | 2 views

OESA-2022-1526 python-pillow security update

Python image processing library. Security Fixes: path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. CVE-2022-22816 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec...

9.8 CVSS | 6.8 AI score | 0.02781 EPSS
Exploits 0 | References 4
BDU FSTEC
added 2022/02/04 12:0 a.m. | 2 views

The vulnerability of the `path_getbbox` function in the Python Pillow image processing library, related to an incorrect path limitation for the directory, allows a hacker to gain access to arbitrary files on the system.

The vulnerability of the path_getbbox function in the Python Pillow image processing library is related to an incorrect path limitation for the directory. Exploiting this vulnerability could allow a malicious actor to gain access to arbitrary files on the system by sending a specially crafted HTTP...

7.8 CVSS | 0.00095 EPSS
Exploits 0 | References 12 | Affected Software 6
Tenable Nessus
added 2022/01/23 12:0 a.m. | 44 views

Debian DLA-2893-1 : pillow - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2893 advisory. - path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 - path_getbbox in path.c in Pillow before 9.0.0 has a buffer...

9.8 CVSS | 7.4 AI score | 0.02781 EPSS
Exploits 0 | References 9
Github Security Blog
added 2022/01/12 8:7 p.m. | 49 views

Improper Initialization in Pillow

Pillow is the friendly PIL Python Imaging Library fork. path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...

6.5 CVSS | 7.8 AI score | 0.00095 EPSS
Exploits 0 | References 11 | Affected Software 1
OSV
added 2022/01/12 8:7 p.m. | 27 views

GHSA-PW3C-H7WP-CVHX Improper Initialization in Pillow

Pillow is the friendly PIL Python Imaging Library fork. path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...

6.9 CVSS | 7.9 AI score | 0.00095 EPSS
Exploits 0 | References 12
OSV
added 2022/01/12 8:7 p.m. | 31 views

GHSA-XRCV-F9GM-V42C Out-of-bounds Read in Pillow

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path...

6.9 CVSS | 8.2 AI score | 0.00137 EPSS
Exploits 0 | References 11
Veracode
added 2022/01/11 1:16 p.m. | 22 views

Out Of Bound Reads

pillow is vulnerable to out of bound reads. The vulnerability exists in the path_getbbox function of path.c due to improper handling of path count, which allows an attacker to read sensitive information or cause an application crash...

6.5 CVSS | 2.3 AI score | 0.00137 EPSS
Exploits 0 | References 8 | Affected Software 3
Veracode
added 2022/01/11 4:8 a.m. | 20 views

Denial Of Service (DoS)

pillow is vulnerable to denial of service. The path_getbbox function in path.c does not properly initialize the coordinates for zero values, allowing an attacker to cause an application crash through the ImagePath.Path...

6.5 CVSS | 3.5 AI score | 0.00095 EPSS
Exploits 0 | References 7 | Affected Software 3
OSV
added 2022/01/10 2:12 p.m. | 1 views

ALPINE-CVE-2022-22815

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...

6.5 CVSS | 7 AI score | 0.00095 EPSS
Exploits 0 | References 1
OSV
added 2022/01/10 2:12 p.m. | 1 views

DEBIAN-CVE-2022-22816

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path...

6.5 CVSS | 7 AI score | 0.00137 EPSS
Exploits 0 | References 1
OSV
added 2022/01/10 2:12 p.m. | 27 views

CVE-2022-22816

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path...

6.5 CVSS | 2.9 AI score
Exploits 0 | References 5
NVD
added 2022/01/10 2:12 p.m. | 14 views

CVE-2022-22816

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path...

6.5 CVSS | 0.00137 EPSS
Exploits 0 | References 5
NVD
added 2022/01/10 2:12 p.m. | 15 views

CVE-2022-22815

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...

6.5 CVSS | 0.00095 EPSS
Exploits 0 | References 5
OSV
added 2022/01/10 2:12 p.m. | 0 views

DEBIAN-CVE-2022-22815

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...

6.5 CVSS | 6.7 AI score | 0.00095 EPSS
Exploits 0 | References 1
PyPA
added 2022/01/10 2:12 p.m. | 5 views

PYSEC-2022-8

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...

6.5 CVSS | 7 AI score | 0.00095 EPSS
Exploits 0 | References 4 | Affected Software 1