Lucene search
+L

7 matches found

CVE
CVE
added 2022/01/07 12:0 a.m.894 views

CVE-2022-22817

CVE-2022-22817 affects Pillow’s PIL.ImageMath.eval before 9.0.0, enabling evaluation of arbitrary expressions (including code execution) via the expression parameter; a workaround/change was introduced in Pillow 9.0.0 to restrict builtins. Upgrading to 9.0.0+ (per Pillow release notes) is the adv...

9.8CVSS8.9AI score0.03399EPSS
CVE
CVE
added 2022/01/07 12:0 a.m.295 views

CVE-2022-22816

CVE-2022-22816 affects Pillow’s image path handling. The vulnerability is a buffer over-read in path_getbbox() inside path.c during initialization of ImagePath.Path, present in Pillow versions before 9.0.0. The flaw can allow reading memory outside the intended bounds. The issue is mitigated by u...

6.5CVSS7.9AI score0.01957EPSS
CVE
CVE
added 2022/01/07 12:0 a.m.293 views

CVE-2022-22815

Summary (supported by provided docs): CVE-2022-22815 concerns the Pillow Python imaging library. The issue is in path_getbbox() within path.c where ImagePath.Path is improperly initialized, enabling a buffer over-read/improper initialization that can cause memory access errors or crashes. Connect...

6.5CVSS7.7AI score0.02556EPSS
CVE
CVE
added 2022/03/28 12:0 a.m.218 views

CVE-2022-24303

Pillow (Python Imaging Library fork) is affected by CVE-2022-24303. The vulnerability arises in Pillow’s handling of spaces in temporary pathnames, enabling an attacker to delete files through path traversal-like behavior. This impacts Pillow versions before 9.0.1. The documented consequence is f...

9.1CVSS8.9AI score0.02811EPSS
CVE
CVE
added 2022/11/14 12:0 a.m.128 views

CVE-2022-45198

CVE-2022-45198 affects Pillow up to version 9.2.0, where improper handling of highly compressed GIF data (Data Amplification) can cause abnormal resource usage. Public sources confirm Pillow prior to 9.2.0 is vulnerable; advisories reference upgrades to mitigate. Debian LTS notes Pillow updates (...

7.5CVSS7.4AI score0.01184EPSS
CVE
CVE
added 2022/11/14 12:0 a.m.126 views

CVE-2022-45199

CVE-2022-45199 affects the Python Pillow library. According to connected sources, Pillow versions before 9.3.0 are vulnerable to denial of service via the SAMPLESPERPIXEL pathway, with exploitation potentially impacting availability. The CVE is associated with a base score of 7.5 ( HIGH ) under N...

7.5CVSS7.2AI score0.01102EPSS
CVE
CVE
added 2022/05/25 11:46 a.m.122 views

CVE-2022-30595

CVE-2022-30595 affects Pillow (Python Pillow library) v9.1.0, where libImaging/TgaRleDecode.c can trigger a heap-based buffer overflow when processing invalid TGA files. This is caused by improper handling in TgaRleDecode, with some sources describing potential remote code execution if exploited....

9.8CVSS9.5AI score0.01923EPSS