VDB

GCVE-VVD-MAGEIA-2024-18

GCVE-VVD-MAGEIA-2024-18
Advisory Published
Vulnetix · Advisory published January 21, 2024
This update fixes the following security issue: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter This is a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiaopencpn-radar-plugin0 (affected), 5.5.0-2.mga9 (unaffected)
Mageiapython-pillow0 (affected), 9.2.0-3.1.mga9 (unaffected), 0 (affected), 9.2.0-3.1.mga9 (unaffected)

References

Updated python-pillow packages fix a security vulnerability
advisory
Updated python-pillow packages fix a security vulnerability
issue
Updated opencpn-radar-plugin contains improvements
advisory
Updated opencpn-radar-plugin contains improvements
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›