Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2022-1786

Related Vulnerabilities: CVE-2022-22815   CVE-2022-22816   CVE-2022-22817  

A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or crashes. (CVE-2022-22815) A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or crashes. (CVE-2022-22816) A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command. (CVE-2022-22817)

Source

ALAS2-2022-1786

Amazon Linux 2 Security Advisory: ALAS-2022-1786
Advisory Release Date: 2022-04-25 22:58 Pacific
Advisory Updated Date: 2022-04-27 16:35 Pacific
Severity: Important
Issue Overview:

A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or crashes. (CVE-2022-22815)

A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or crashes. (CVE-2022-22816)

A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command. (CVE-2022-22817)


Affected Packages:

python-pillow


Issue Correction:
Run yum update python-pillow to update your system.

New Packages:
aarch64:
    python-pillow-2.0.0-23.gitd1c6db8.amzn2.0.1.aarch64
    python-pillow-devel-2.0.0-23.gitd1c6db8.amzn2.0.1.aarch64
    python-pillow-doc-2.0.0-23.gitd1c6db8.amzn2.0.1.aarch64
    python-pillow-sane-2.0.0-23.gitd1c6db8.amzn2.0.1.aarch64
    python-pillow-tk-2.0.0-23.gitd1c6db8.amzn2.0.1.aarch64
    python-pillow-debuginfo-2.0.0-23.gitd1c6db8.amzn2.0.1.aarch64

i686:
    python-pillow-2.0.0-23.gitd1c6db8.amzn2.0.1.i686
    python-pillow-devel-2.0.0-23.gitd1c6db8.amzn2.0.1.i686
    python-pillow-doc-2.0.0-23.gitd1c6db8.amzn2.0.1.i686
    python-pillow-sane-2.0.0-23.gitd1c6db8.amzn2.0.1.i686
    python-pillow-tk-2.0.0-23.gitd1c6db8.amzn2.0.1.i686
    python-pillow-debuginfo-2.0.0-23.gitd1c6db8.amzn2.0.1.i686

src:
    python-pillow-2.0.0-23.gitd1c6db8.amzn2.0.1.src

x86_64:
    python-pillow-2.0.0-23.gitd1c6db8.amzn2.0.1.x86_64
    python-pillow-devel-2.0.0-23.gitd1c6db8.amzn2.0.1.x86_64
    python-pillow-doc-2.0.0-23.gitd1c6db8.amzn2.0.1.x86_64
    python-pillow-sane-2.0.0-23.gitd1c6db8.amzn2.0.1.x86_64
    python-pillow-tk-2.0.0-23.gitd1c6db8.amzn2.0.1.x86_64
    python-pillow-debuginfo-2.0.0-23.gitd1c6db8.amzn2.0.1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started