CVE-2022-22817
Summary
| CVE | CVE-2022-22817 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-01-10 14:12:00 UTC |
| Updated | 2023-12-10 18:15:00 UTC |
| Description | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used, |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Python | Pillow | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 9.0.1 — Pillow (PIL Fork) 9.0.1 documentation | CONFIRM | pillow.readthedocs.io | |
| Debian -- Security Information -- DSA-5053-1 pillow | DEBIAN | www.debian.org | |
| 9.0.0 — Pillow (PIL Fork) 9.0.0 documentation | MISC | pillow.readthedocs.io | |
| Pillow: Multiple Vulnerabilities (GLSA 202211-10) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] [DLA 2893-1] pillow security update | MLIST | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159644 Oracle Enterprise Linux Security Update for python-pillow (ELSA-2022-0643)
- 159676 Oracle Enterprise Linux Security Update for python-pillow (ELSA-2022-0609)
- 179015 Debian Security Update for pillow (DSA 5053-1)
- 179022 Debian Security Update for pillow (DLA 2893-1)
- 181913 Debian Security Update for pillow (CVE-2022-22817)
- 198632 Ubuntu Security Notification for Pillow Vulnerabilities (USN-5227-1)
- 199002 Ubuntu Security Notification for Pillow Vulnerability (USN-5227-3)
- 240104 Red Hat Update for python-pillow (RHSA-2022:0609)
- 240105 Red Hat Update for python-pillow (RHSA-2022:0643)
- 240109 Red Hat Update for python-pillow (RHSA-2022:0667)
- 240114 Red Hat Update for python-pillow (RHSA-2022:0665)
- 257156 CentOS Security Update for python-pillow (CESA-2022:0609)
- 282334 Fedora Security Update for mingw (FEDORA-2022-a1bc7decc9)
- 282335 Fedora Security Update for mingw (FEDORA-2022-e4087f9366)
- 296062 Oracle Solaris 11.4 Support Repository Update (SRU) 43.113.3 Missing (CPUJAN2022)
- 353267 Amazon Linux Security Advisory for python-pillow : ALAS2-2022-1786
- 354453 Amazon Linux Security Advisory for python-pillow : ALAS2022-2022-196
- 355177 Amazon Linux Security Advisory for python-pillow : ALAS2023-2023-057
- 377242 Alibaba Cloud Linux Security Update for python-pillow (ALINUX2-SA-2022:0014)
- 377325 Alibaba Cloud Linux Security Update for python-pillow (ALINUX3-SA-2022:0012)
- 502019 Alpine Linux Security Update for py3-pillow
- 502344 Alpine Linux Security Update for py3-pillow
- 505321 Alpine Linux Security Update for py3-pillow
- 6000536 Debian Security Update for pillow (DLA 3768-1)
- 671473 EulerOS Security Update for python-pillow (EulerOS-SA-2022-1436)
- 671476 EulerOS Security Update for python-pillow (EulerOS-SA-2022-1457)
- 671503 EulerOS Security Update for python-pillow (EulerOS-SA-2022-1514)
- 671507 EulerOS Security Update for python-pillow (EulerOS-SA-2022-1495)
- 671547 EulerOS Security Update for python-pillow (EulerOS-SA-2022-1549)
- 671591 EulerOS Security Update for python-pillow (EulerOS-SA-2022-1583)
- 671670 EulerOS Security Update for python-pillow (EulerOS-SA-2022-1760)
- 710682 Gentoo Linux Pillow Multiple Vulnerabilities (GLSA 202211-10)
- 940457 AlmaLinux Security Update for python-pillow (ALSA-2022:0643)
- 960856 Rocky Linux Security Update for python-pillow (RLSA-2022:0643)