Advisories » MGASA-2024-0018

Updated python-pillow packages fix a security vulnerability

Publication date: 30 Jan 2024
Modification date: 30 Jan 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-50447

Description

This update fixes the following security issue:
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution
via the environment parameter This is a different vulnerability than
CVE-2022-22817 (which was about the expression parameter).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32756
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447

SRPMS

9/core

• python-pillow-9.2.0-3.1.mga9