CVE-2022-22816 – python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c
https://notcve.org/view.php?id=CVE-2022-22816
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. La función path_getbbox en el archivo path.c en Pillow versiones anteriores a 9.0.0, presenta una lectura excesiva del buffer durante la inicialización de ImagePath.Path A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or crashes. • https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331 https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling https://security.gentoo.org/glsa/202211-10 https://www.debian.org/security/2022/dsa-5053 https://access.redhat.com/security/cve/CVE-2022-22816 https://bugzilla.redhat.com/show_bug.cgi?id=2042522 • CWE-125: Out-of-bounds Read •
CVE-2022-22817 – python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions
https://notcve.org/view.php?id=CVE-2022-22817
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used. PIL.ImageMath.eval en Pillow antes de la versión 9.0.0 permite la evaluación de expresiones arbitrarias, como las que utilizan el método exec de Python. También se puede utilizar una expresión lambda, A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. • https://github.com/JawadPy/CVE-2022-22817-Exploit https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security https://security.gentoo.org/glsa/202211-10 https://www.debian.org/security/2022/dsa-5053 https://access.redhat.com/se • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2022-22815 – python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c
https://notcve.org/view.php?id=CVE-2022-22815
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. La función path_getbbox en el archivo path.c en Pillow versiones anteriores a 9.0.0 inicializa incorrectamente ImagePath.Path A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to improperly initializing the ImagePath. This flaw allows an attacker to access unauthorized memory that causes memory access errors, incorrect results, or crashes. • https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331 https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling https://security.gentoo.org/glsa/202211-10 https://www.debian.org/security/2022/dsa-5053 https://access.redhat.com/security/cve/CVE-2022-22815 https://bugzilla.redhat.com/show_bug.cgi?id=2042511 • CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •
CVE-2021-23437 – Regular Expression Denial of Service (ReDoS)
https://notcve.org/view.php?id=CVE-2021-23437
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. El paquete pillow versiones desde la versión 5.2.0 y anteriores a 8.3.2, son vulnerables a una Denegación de Servicio por Expresión Regular (ReDoS) por medio de la función getrgb • https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html https://security.gentoo.org/glsa/202211-10 https://snyk.io/vul • CWE-125: Out-of-bounds Read •
CVE-2021-34552 – python-pillow: Buffer overflow in image convert function
https://notcve.org/view.php?id=CVE-2021-34552
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. Pillow versiones hasta 8.2.0 y PIL (también se conoce como Python Imaging Library) versiones hasta 1.1.7, permiten a un atacante pasar parámetros controlados directamente a una función de conversión para desencadenar un desbordamiento de búfer en el archivo Convert.c A flaw was found in python-pillow. This flaw allows an attacker to pass controlled parameters directly into a convert function, triggering a buffer overflow in the "convert()" or "ImagingConvertTransparent()" functions in Convert.c. The highest threat to this vulnerability is to system availability. In Red Hat Quay, a vulnerable version of python-pillow is shipped with quay-registry-container, however the invoice generation feature which uses python-pillow is disabled by default. Therefore impact has been rated Moderate. • https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow https://pillow.readthedocs.io/en/stable/releasenotes/index.html https://security.gentoo.org/glsa/202211-10 https://access.redha • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •