ALAS2023-2023-057 --- python-pillowID: oval:org.secpod.oval:def:19500157 | Date: (C)2023-06-12 (M)2024-03-28 |
Class: PATCH | Family: unix |
A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or crashes. A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command
Platform: |
Amazon Linux 2023 |
Product: |
python-pillow |
python3-pillow |