RLSA-2022:0643

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2022:0643.json

Related

• CVE-2022-22815
• CVE-2022-22816
• CVE-2022-22817

Published

2022-02-22T17:25:31Z

Modified

2023-02-02T13:35:24.294185Z

Details

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

• python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions (CVE-2022-22817)

• python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c (CVE-2022-22816)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

• https://errata.rockylinux.org/RLSA-2022:0643
• https://bugzilla.redhat.com/show_bug.cgi?id=2042522
• https://bugzilla.redhat.com/show_bug.cgi?id=2042527