Bug 2259479 (CVE-2023-50447) - CVE-2023-50447 pillow: Arbitrary Code Execution via the environment parameter [NEEDINFO]
Summary: CVE-2023-50447 pillow: Arbitrary Code Execution via the environment parameter
Keywords:
Status: NEW
Alias: CVE-2023-50447
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2259480 2259481
Blocks: 2259482
Reported: 2024-01-22 05:17 UTC by Rohit Keshri
Modified: 2024-08-07 13:10 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in Pillow, a widely used Python imaging library. The flaw, in the PIL.ImageMath.eval function, allows arbitrary code execution by a caller who controls the contents of the environment parameter.
Clone Of:
Environment:
Last Closed:
Embargoed:
joyu: needinfo? (prodsec-ir-bot)




Links
System                  ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHBA-2024:1064  0        None      None    None     2024-03-04 08:08:13 UTC
Red Hat Product Errata  RHBA-2024:1189  0        None      None    None     2024-03-06 14:25:50 UTC
Red Hat Product Errata  RHSA-2024:0754  0        None      None    None     2024-02-08 18:33:49 UTC
Red Hat Product Errata  RHSA-2024:0857  0        None      None    None     2024-02-19 01:31:50 UTC
Red Hat Product Errata  RHSA-2024:0893  0        None      None    None     2024-02-20 12:31:08 UTC
Red Hat Product Errata  RHSA-2024:1058  0        None      None    None     2024-02-29 17:28:06 UTC
Red Hat Product Errata  RHSA-2024:1059  0        None      None    None     2024-02-29 17:20:11 UTC
Red Hat Product Errata  RHSA-2024:1060  0        None      None    None     2024-02-29 17:25:38 UTC
Red Hat Product Errata  RHSA-2024:3781  0        None      None    None     2024-06-10 18:37:01 UTC

Description Rohit Keshri 2024-01-22 05:17:00 UTC
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

http://www.openwall.com/lists/oss-security/2024/01/20/1
https://devhub.checkmarx.com/cve-details/CVE-2023-50447/
https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/
https://github.com/python-pillow/Pillow/releases

Comment 1 Rohit Keshri 2024-01-22 05:18:45 UTC
Created python-pillow tracking bugs for this issue:

Affects: fedora-all [bug 2259480]

Comment 4 Lumír Balhar 2024-01-25 08:24:26 UTC
Fix: https://github.com/python-pillow/Pillow/pull/7655/files
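As an added defender-side example (not code from Pillow, Red Hat or the reporter), the following Python allow-list can be run over the environment dict at the call site before it is handed to PIL.ImageMath.eval. The rules it enforces (plain ASCII identifier keys, no double underscores, no keyword or builtin names, values limited to PIL images or numbers) and the helper names validate_environment, is_rejected and safe_image_math are this example's own assumptions; upgrading to a release after 10.1.0, as described in this bug, remains the actual fix, and the validator is defence in depth for applications that build the environment from user-supplied data.

```python
"""Allow-list validation for the ``environment`` argument of PIL.ImageMath.eval.

Added example, not Pillow's own code. It assumes the application assembles the
environment dict from untrusted or semi-trusted input and wants to reject
anything that is not a plain identifier bound to an image or a number before
the dict reaches ImageMath.eval. Pillow is imported lazily so the validator
itself can be exercised without it.
"""
import builtins
import keyword

try:
    from PIL import Image
    _IMAGE_TYPES = (Image.Image,)
except ImportError:  # Pillow not installed: only numeric values are accepted
    _IMAGE_TYPES = ()

# Value types allowed in the environment: PIL images and plain numbers.
_ALLOWED_VALUE_TYPES = _IMAGE_TYPES + (int, float)


def validate_environment(environment):
    """Return a shallow copy of ``environment`` or raise ValueError.

    Rules (constructed for this example):
      * keys are ASCII Python identifiers, not keywords, contain no ``__``
        (so no dunder attribute paths) and do not shadow a builtin name;
      * values are PIL images or numbers; functions, modules, classes,
        strings and arbitrary objects are rejected.
    """
    if not isinstance(environment, dict):
        raise ValueError("environment must be a dict")
    cleaned = {}
    for key, value in environment.items():
        if not isinstance(key, str) or not key.isascii() or not key.isidentifier():
            raise ValueError(f"environment key {key!r} is not a plain identifier")
        if keyword.iskeyword(key) or "__" in key or hasattr(builtins, key):
            raise ValueError(f"environment key {key!r} is not allowed")
        if not isinstance(value, _ALLOWED_VALUE_TYPES):
            raise ValueError(f"environment value for {key!r} must be an image or a number")
        cleaned[key] = value
    return cleaned


def is_rejected(environment):
    """True if validate_environment refuses ``environment`` (convenience for tests)."""
    try:
        validate_environment(environment)
    except ValueError:
        return True
    return False


def safe_image_math(expression, environment):
    """Validate ``environment`` and then delegate to PIL.ImageMath.eval.

    Requires Pillow at call time; kept separate so the validator stays
    importable without it.
    """
    from PIL import ImageMath
    return ImageMath.eval(expression, validate_environment(environment))


if __name__ == "__main__":
    # Constructed samples: a numeric environment is accepted ...
    print(validate_environment({"a": 1, "b": 2.5}))
    # ... while keys or values outside the allow-list are refused.
    for bad in ({"__builtins__": {}}, {"exec": 1}, {"a": object()}, {"a": "1"}):
        try:
            validate_environment(bad)
        except ValueError as exc:
            print("rejected:", exc)
```

The validator deliberately rejects builtin names such as min, max and abs even though ImageMath exposes its own versions of those functions, so that nothing in the environment can shadow them; an application that legitimately needs such a binding should rename it rather than loosen the check.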

Comment 6 errata-xmlrpc 2024-02-08 18:33:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0754 https://access.redhat.com/errata/RHSA-2024:0754

Comment 7 errata-xmlrpc 2024-02-19 01:31:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:0857 https://access.redhat.com/errata/RHSA-2024:0857

Comment 8 errata-xmlrpc 2024-02-20 12:31:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0893 https://access.redhat.com/errata/RHSA-2024:0893

Comment 9 errata-xmlrpc 2024-02-29 17:20:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:1059 https://access.redhat.com/errata/RHSA-2024:1059

Comment 10 errata-xmlrpc 2024-02-29 17:25:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:1060 https://access.redhat.com/errata/RHSA-2024:1060

Comment 11 errata-xmlrpc 2024-02-29 17:28:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:1058 https://access.redhat.com/errata/RHSA-2024:1058

Comment 15 errata-xmlrpc 2024-06-10 18:36:59 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 9
  Red Hat Ansible Automation Platform 2.4 for RHEL 8

Via RHSA-2024:3781 https://access.redhat.com/errata/RHSA-2024:3781

Comment 16 joyu 2024-08-06 21:55:13 UTC
Hi Red Hat team,

May I know if Red Hat Enterprise Linux 9 is impacted?

Comment 17 Lumír Balhar 2024-08-07 13:10:30 UTC
(In reply to joyu from comment #16)
> Hi Red Hat team,
> 
> May I know if Red Hat Enterprise Linux 9 is impacted?

python-pillow is not available in CentOS Stream 9 and RHEL 9.
