6 matches found
CVE-2022-22817
CVE-2022-22817 affects Pillow’s PIL.ImageMath.eval before 9.0.0, enabling evaluation of arbitrary expressions (including code execution) via the expression parameter; a workaround/change was introduced in Pillow 9.0.0 to restrict builtins. Upgrading to 9.0.0+ (per Pillow release notes) is the adv...
CVE-2022-22816
CVE-2022-22816 affects Pillow’s image path handling. The vulnerability is a buffer over-read in path_getbbox() inside path.c during initialization of ImagePath.Path, present in Pillow versions before 9.0.0. The flaw can allow reading memory outside the intended bounds. The issue is mitigated by u...
CVE-2022-22815
Summary (supported by provided docs): CVE-2022-22815 concerns the Pillow Python imaging library. The issue is in path_getbbox() within path.c where ImagePath.Path is improperly initialized, enabling a buffer over-read/improper initialization that can cause memory access errors or crashes. Connect...
CVE-2022-24303
Pillow (Python Imaging Library fork) is affected by CVE-2022-24303. The vulnerability arises in Pillow’s handling of spaces in temporary pathnames, enabling an attacker to delete files through path traversal-like behavior. This impacts Pillow versions before 9.0.1. The documented consequence is f...
CVE-2022-45198
CVE-2022-45198 affects Pillow up to version 9.2.0, where improper handling of highly compressed GIF data (Data Amplification) can cause abnormal resource usage. Public sources confirm Pillow prior to 9.2.0 is vulnerable; advisories reference upgrades to mitigate. Debian LTS notes Pillow updates (...
CVE-2022-45199
CVE-2022-45199 affects the Python Pillow library. According to connected sources, Pillow versions before 9.3.0 are vulnerable to denial of service via the SAMPLESPERPIXEL pathway, with exploitation potentially impacting availability. The CVE is associated with a base score of 7.5 ( HIGH ) under N...