CVE-2023-50447

2024-01-1920:15:11

Debian Security Bug Tracker

security-tracker.debian.org

pillow imagemath arbitrarycodeexecution unix environmentparameter vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.6%

JSON

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

OSVersionArchitecturePackageVersionFilename
Debian12allpillow< 9.4.0-1.1+deb12u1pillow_9.4.0-1.1+deb12u1_all.deb
Debian11allpillow< 8.1.2+dfsg-0.3+deb11u2pillow_8.1.2+dfsg-0.3+deb11u2_all.deb
Debian999allpillow< 10.2.0-1pillow_10.2.0-1_all.deb
Debian13allpillow< 10.2.0-1pillow_10.2.0-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	pillow	< 9.4.0-1.1+deb12u1	pillow_9.4.0-1.1+deb12u1_all.deb
Debian	11	all	pillow	< 8.1.2+dfsg-0.3+deb11u2	pillow_8.1.2+dfsg-0.3+deb11u2_all.deb
Debian	999	all	pillow	< 10.2.0-1	pillow_10.2.0-1_all.deb
Debian	13	all	pillow	< 10.2.0-1	pillow_10.2.0-1_all.deb