vulnerability
CentOS Linux: CVE-2022-22817: Important: python-pillow security update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jan 10, 2022 | Feb 23, 2022 | Dec 12, 2023 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jan 10, 2022
Added
Feb 23, 2022
Modified
Dec 12, 2023
Description
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
Solutions
centos-upgrade-python-pillowcentos-upgrade-python-pillow-debuginfocentos-upgrade-python-pillow-debugsourcecentos-upgrade-python-pillow-develcentos-upgrade-python-pillow-doccentos-upgrade-python-pillow-qtcentos-upgrade-python-pillow-sanecentos-upgrade-python-pillow-tkcentos-upgrade-python3-pillowcentos-upgrade-python3-pillow-debuginfocentos-upgrade-python3-pillow-tk-debuginfo
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.