CVE-2022-24303
https://notcve.org/view.php?id=CVE-2022-24303
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled: the path of a temporary file is interpolated into a shell command without quoting, so a path containing whitespace is split into several arguments and the command acts on files other than the intended temporary file. Fixed in Pillow 9.0.1. • https://github.com/python-pillow/Pillow/pull/3450 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security https://security.gentoo.org/glsa/202211-10 •
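The mechanism behind this class of bug, as an added example that is not Pillow's own code: a temporary file path is pasted into a command string, and shlex.split shows how a POSIX shell would tokenise it. The "preview 001.png" file name, the working directory and the helper names are constructed for the illustration. The hardened variants either quote the path (shlex.quote) or avoid the shell entirely (os.remove).

```python
import os
import shlex
import tempfile


def shell_argv_unquoted(path):
    """Vulnerable pattern: the path is pasted into a command string.

    shlex.split tokenises the string the way a POSIX shell would, so a path
    containing whitespace becomes several arguments and 'rm -f' is applied
    to files that were never meant to be touched.
    """
    return shlex.split("rm -f " + path)


def shell_argv_quoted(path):
    """Hardened variant 1: quote the path before interpolating it.

    shlex.quote wraps the path in single quotes when it contains anything
    outside the shell-safe character set, so it survives as one argument.
    """
    return shlex.split("rm -f " + shlex.quote(path))


def remove_temp_file(path):
    """Hardened variant 2: never go through a shell at all.

    os.remove receives the path as a single string, so whitespace (and any
    shell metacharacters) in the name is irrelevant. Returns True when the
    file is gone afterwards.
    """
    try:
        os.remove(path)
    except FileNotFoundError:
        pass
    return not os.path.exists(path)


def demo():
    """Constructed scenario: a viewer temp file whose name contains a space.

    Returns the tokenised argv lists and the result of the hardened removal
    so the behaviour can be checked without ever running 'rm'.
    """
    with tempfile.TemporaryDirectory() as workdir:
        # Constructed sample file; the content is just a PNG signature.
        temp_image = os.path.join(workdir, "preview 001.png")
        with open(temp_image, "wb") as fh:
            fh.write(b"\x89PNG\r\n\x1a\n")
        return {
            "path": temp_image,
            "unquoted": shell_argv_unquoted(temp_image),
            "quoted": shell_argv_quoted(temp_image),
            "removed": remove_temp_file(temp_image),
        }


if __name__ == "__main__":
    result = demo()
    print("unquoted argv:", result["unquoted"])
    print("quoted argv:  ", result["quoted"])
    print("removed:      ", result["removed"])
```

The same rule applies to subprocess: pass `["rm", "-f", path]` as a list with `shell=False` rather than building a command string, and prefer the direct os/pathlib call when the operation does not actually need an external program.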
CVE-2022-22816 – python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c
https://notcve.org/view.php?id=CVE-2022-22816
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. A flaw was found in python-pillow: image paths are improperly initialized, leading to a buffer over-read in path_getbbox. This allows an attacker to trigger out-of-bounds memory reads, resulting in memory access errors, incorrect results, or crashes. Fixed in Pillow 9.0.0. • https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331 https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling https://security.gentoo.org/glsa/202211-10 https://www.debian.org/security/2022/dsa-5053 https://access.redhat.com/security/cve/CVE-2022-22816 https://bugzilla.redhat.com/show_bug.cgi?id=2042522 • CWE-125: Out-of-bounds Read •
CVE-2022-22817 – python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions
https://notcve.org/view.php?id=CVE-2022-22817
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec function. A lambda expression could also be used. A flaw was found in python-pillow: the expression string passed to ImageMath.eval is not neutralized before being evaluated, so an attacker who controls it can run arbitrary Python code (classified here as command injection). Pillow 9.0.0 restricts the builtins available to ImageMath.eval; the 9.0.1 security release notes, also referenced below, describe a follow-up to that fix. Treat any application that passes untrusted input to ImageMath.eval as exposed until it runs a fixed version. • https://github.com/JawadPy/CVE-2022-22817-Exploit https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security https://security.gentoo.org/glsa/202211-10 https://www.debian.org/security/2022/dsa-5053 https://access.redhat.com/se • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
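Why "remove the builtins" is not a complete fix, and what an allow-list evaluator looks like instead, as an added example that is not Pillow's ImageMath code. unsafe_eval reproduces the general shape of calling Python's eval with an emptied `__builtins__`: exec and __import__ are gone, but lambda is syntax rather than a builtin, so `(lambda: 42)()` still evaluates. safe_eval walks the parsed AST and accepts only numeric constants, names supplied by the caller, a fixed set of operators and a hypothetical allow-list of functions (min, max, abs); everything else is rejected before anything runs.

```python
import ast
import operator

# Operators permitted in an expression. Anything not listed here
# (attribute access, subscripts, lambda, comprehensions, ...) is rejected.
# Pow is deliberately absent: 2 ** (10 ** 9) is a denial of service.
_BINARY_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod,
    ast.BitAnd: operator.and_, ast.BitOr: operator.or_, ast.BitXor: operator.xor,
    ast.LShift: operator.lshift, ast.RShift: operator.rshift,
}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos, ast.Invert: operator.invert}
_COMPARE_OPS = {
    ast.Lt: operator.lt, ast.LtE: operator.le, ast.Gt: operator.gt,
    ast.GtE: operator.ge, ast.Eq: operator.eq, ast.NotEq: operator.ne,
}
# Hypothetical allow-list of callables an image-math style DSL might expose.
_ALLOWED_FUNCTIONS = {"min": min, "max": max, "abs": abs}
MAX_EXPRESSION_LENGTH = 1000


class UnsafeExpression(ValueError):
    """Raised when an expression uses syntax or names outside the allow-list."""


def unsafe_eval(expression, variables):
    """The vulnerable shape: Python eval with the builtins dictionary emptied.

    This blocks exec(), open() and __import__() by name, but lambda is
    syntax, not a builtin, so '(lambda: 42)()' still evaluates, and attribute
    walks such as ().__class__.__bases__[0].__subclasses__() still work.
    """
    return eval(expression, {"__builtins__": {}}, dict(variables))


def _evaluate(node, variables):
    """Recursive allow-list walk over the AST; unknown nodes raise."""
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
        return node.value
    if isinstance(node, ast.Name):
        if node.id in variables:
            return variables[node.id]
        raise UnsafeExpression(f"unknown name {node.id!r}")
    if isinstance(node, ast.BinOp) and type(node.op) in _BINARY_OPS:
        return _BINARY_OPS[type(node.op)](_evaluate(node.left, variables),
                                          _evaluate(node.right, variables))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_evaluate(node.operand, variables))
    if (isinstance(node, ast.Compare) and len(node.ops) == 1
            and type(node.ops[0]) in _COMPARE_OPS):
        return _COMPARE_OPS[type(node.ops[0])](_evaluate(node.left, variables),
                                               _evaluate(node.comparators[0], variables))
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in _ALLOWED_FUNCTIONS and not node.keywords):
        args = [_evaluate(a, variables) for a in node.args]
        return _ALLOWED_FUNCTIONS[node.func.id](*args)
    raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")


def safe_eval(expression, variables):
    """Evaluate an arithmetic expression by interpreting its AST.

    Only numeric constants, names present in `variables`, the operators above
    and the allow-listed calls are accepted; Python's eval() is never invoked.
    The length cap bounds parser and recursion cost on hostile input.
    """
    if len(expression) > MAX_EXPRESSION_LENGTH:
        raise UnsafeExpression("expression too long")
    try:
        tree = ast.parse(expression, mode="eval")
    except SyntaxError as exc:
        raise UnsafeExpression(f"invalid expression: {exc}") from None
    return _evaluate(tree.body, variables)


def is_rejected(expression, variables):
    """True when safe_eval refuses the expression (used for checks below)."""
    try:
        safe_eval(expression, variables)
    except UnsafeExpression:
        return True
    return False


if __name__ == "__main__":
    print(unsafe_eval("(lambda: 42)()", {}))      # still runs with no builtins
    print(safe_eval("max(a, b) - abs(-3)", {"a": 1, "b": 7}))
    print(is_rejected("(lambda: 42)()", {}))       # True
```

Rejecting by substring ("lambda", "__") is weaker than this approach because the attacker controls the string and the grammar is large; interpreting the AST means the set of reachable behaviour is exactly the set of node types the walker handles.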
CVE-2022-22815 – python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c
https://notcve.org/view.php?id=CVE-2022-22815
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. A flaw was found in python-pillow: image paths are improperly initialized, leaving parts of the ImagePath.Path array uninitialized. This allows an attacker to access unauthorized memory, resulting in memory access errors, incorrect results, or crashes. It shares its root cause and fix with CVE-2022-22816. Fixed in Pillow 9.0.0. • https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331 https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling https://security.gentoo.org/glsa/202211-10 https://www.debian.org/security/2022/dsa-5053 https://access.redhat.com/security/cve/CVE-2022-22815 https://bugzilla.redhat.com/show_bug.cgi?id=2042511 • CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •
CVE-2021-23437 – Regular Expression Denial of Service (ReDoS)
https://notcve.org/view.php?id=CVE-2021-23437
Pillow versions from 5.2.0 up to, but not including, 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function (PIL.ImageColor.getrgb): a crafted color string triggers catastrophic backtracking in the regular expression used to parse it, consuming CPU for as long as the matcher runs. Fixed in Pillow 8.3.2. • https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html https://security.gentoo.org/glsa/202211-10 https://snyk.io/vul • CWE-125: Out-of-bounds Read •
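The two mitigations a practitioner wants for a regex-driven parser of attacker-controlled strings, as an added example that is not Pillow's ImageColor code and does not reproduce the vulnerable pattern from 8.3.1: bound the input length before the matcher ever runs, and write the patterns so no character position can be consumed in more than one way (no nested or adjacent overlapping quantifiers), which keeps Python's backtracking matcher linear on malformed input. The accepted syntax ("#rgb", "#rrggbb", "rgb(r, g, b)"), the length cap and the helper names are this example's own choices.

```python
import re

# Upper bound on accepted input. A regex parser should never run on an
# unbounded attacker-controlled string; this is the first line of defence.
MAX_COLOR_LENGTH = 64

# Patterns written without nested or overlapping quantifiers: between any two
# literals there is exactly one quantified class (\s* or \d{1,3}), so the
# matcher has one way to consume each character and fails in linear time.
_HEX_RE = re.compile(r"\A#([0-9a-fA-F]{6}|[0-9a-fA-F]{3})\Z")
_RGB_RE = re.compile(
    r"\Argb\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)\Z"
)


class ColorParseError(ValueError):
    """Raised for any string that is not an accepted color specifier."""


def getrgb(color):
    """Parse '#rgb', '#rrggbb' or 'rgb(r, g, b)' into an (r, g, b) tuple.

    Length is checked before any regular expression runs, so the worst case
    cost is bounded by MAX_COLOR_LENGTH regardless of what the regexes do.
    """
    if not isinstance(color, str):
        raise ColorParseError("color must be a string")
    if len(color) > MAX_COLOR_LENGTH:
        raise ColorParseError(
            f"color string longer than {MAX_COLOR_LENGTH} characters")
    value = color.strip()

    match = _HEX_RE.match(value)
    if match:
        digits = match.group(1)
        if len(digits) == 3:
            # '#f01' is shorthand for '#ff0011'
            digits = "".join(ch * 2 for ch in digits)
        return tuple(int(digits[i:i + 2], 16) for i in (0, 2, 4))

    match = _RGB_RE.match(value)
    if match:
        channels = tuple(int(x) for x in match.groups())
        # \d{1,3} admits 256..999; range-check explicitly rather than
        # encoding 0-255 in the regex, which would add alternation.
        if any(c > 255 for c in channels):
            raise ColorParseError(f"channel out of range in {color!r}")
        return channels

    raise ColorParseError(f"unknown color specifier {color!r}")


def is_rejected(color):
    """True when getrgb refuses the input (used for the checks below)."""
    try:
        getrgb(color)
    except ColorParseError:
        return True
    return False


if __name__ == "__main__":
    print(getrgb("#ff0010"))            # (255, 0, 16)
    print(getrgb("rgb(255, 0, 10)"))    # (255, 0, 10)
    print(is_rejected("rgb(" + " " * 100 + "1,2,3)"))  # True: over the cap
```

Python's re module has no match timeout, so the length cap is the only hard bound you get; on Python 3.11 and later, atomic groups `(?>...)` and possessive quantifiers (`*+`, `++`) can additionally forbid backtracking inside a sub-pattern where the grammar genuinely needs overlapping quantifiers.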