VDB
GCVE-110-MAGEIA-2022-166
GCVE-110-MAGEIA-2022-166
Advisory Published
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes
ImagePath.Path. (CVE-2022-22815)
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read
during initialization of ImagePath.Path. (CVE-2022-22816)
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary
expressions (CVE-2022-22817)
Pillow before 9.0.1 allows attackers to delete files because spaces in
temporary pathnames are mishandled. (CVE-2022-24303)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | python-pillow | 0 (affected), 9.1.0-1.mga8 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,118 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.