Security Advisory Description
- path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. (CVE-2022-22816)
- PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used, (CVE-2022-22817)
Impact
There is no impact; F5 products are not affected by this vulnerability.