{"url":"http://public2.vulnerablecode.io/api/packages/18551?format=json","purl":"pkg:pypi/pillow@8.3.2","type":"pypi","namespace":"","name":"pillow","version":"8.3.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"12.1.1","latest_non_vulnerable_version":"12.2.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9760?format=json","vulnerability_id":"VCID-19e1-19hk-duet","summary":"Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45198","reference_id":"","reference_type":"","scores":[{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51379","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.5136","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51319","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51373","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51371","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51414","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51393","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.5141","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.5143","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51422","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53076","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.5476","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.5478","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54757","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54703","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54745","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54801","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45198"},{"reference_url":"https://bugs.gentoo.org/855683","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.gentoo.org/855683"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45198"},{"reference_url":"https://cwe.mitre.org/data/definitions/409.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwe.mitre.org/data/definitions/409.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4"},{"reference_url":"https://github.com/python-pillow/Pillow/pull/6402","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/pull/6402"},{"reference_url":"https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea"},{"reference_url":"https://github.com/python-pillow/Pillow/releases/tag/9.2.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/releases/tag/9.2.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45198","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45198"},{"reference_url":"https://security.gentoo.org/glsa/202211-10","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202211-10"},{"reference_url":"https://github.com/advisories/GHSA-m2vv-5vj5-2hm7","reference_id":"GHSA-m2vv-5vj5-2hm7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m2vv-5vj5-2hm7"},{"reference_url":"https://usn.ubuntu.com/5777-1/","reference_id":"USN-5777-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5777-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5777-2/","reference_id":"USN-USN-5777-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5777-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30049?format=json","purl":"pkg:pypi/pillow@9.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4n96-uzyf-tud6"},{"vulnerability":"VCID-5rv4-k1q9-zue2"},{"vulnerability":"VCID-64n5-pugj-vue8"},{"vulnerability":"VCID-9ckw-ra54-z3b7"},{"vulnerability":"VCID-d7uf-zdbv-sba1"},{"vulnerability":"VCID-n1hp-atex-ubh4"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.2.0"}],"aliases":["BIT-pillow-2022-45198","CVE-2022-45198","GHSA-m2vv-5vj5-2hm7","PYSEC-2022-42979"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-19e1-19hk-duet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15243?format=json","vulnerability_id":"VCID-5rv4-k1q9-zue2","summary":"Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.","references":[{"reference_url":"https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4863","reference_id":"","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4863"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5129","reference_id":"","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5129"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54025?format=json","purl":"pkg:pypi/pillow@10.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64n5-pugj-vue8"},{"vulnerability":"VCID-9ckw-ra54-z3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1"}],"aliases":["PYSEC-2023-175"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5rv4-k1q9-zue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13028?format=json","vulnerability_id":"VCID-64n5-pugj-vue8","summary":"Pillow buffer overflow vulnerability\nIn _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28219.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28219.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28219","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49475","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49512","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49541","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49543","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49496","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49494","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49522","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49505","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49509","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49454","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49502","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57765","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57745","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57805","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57746","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57701","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57743","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28219","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28219"},{"reference_url":"https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/"}],"url":"https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2272563","reference_id":"2272563","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2272563"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/","reference_id":"4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/"},{"reference_url":"https://github.com/advisories/GHSA-44wm-f244-xhp3","reference_id":"GHSA-44wm-f244-xhp3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-44wm-f244-xhp3"},{"reference_url":"https://security.gentoo.org/glsa/202411-07","reference_id":"GLSA-202411-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202411-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3781","reference_id":"RHSA-2024:3781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4227","reference_id":"RHSA-2024:4227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5662","reference_id":"RHSA-2024:5662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5662"},{"reference_url":"https://usn.ubuntu.com/6744-1/","reference_id":"USN-6744-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6744-1/"},{"reference_url":"https://usn.ubuntu.com/6744-2/","reference_id":"USN-6744-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6744-2/"},{"reference_url":"https://usn.ubuntu.com/6744-3/","reference_id":"USN-6744-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6744-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46441?format=json","purl":"pkg:pypi/pillow@10.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-67yw-ej31-8ub1"},{"vulnerability":"VCID-ca8h-871t-t3dd"},{"vulnerability":"VCID-ec8u-v4e2-wqgn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.3.0"}],"aliases":["CVE-2024-28219","GHSA-44wm-f244-xhp3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64n5-pugj-vue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14264?format=json","vulnerability_id":"VCID-9ckw-ra54-z3b7","summary":"Arbitrary Code Execution in Pillow\nPillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50447.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50447.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50447","reference_id":"","reference_type":"","scores":[{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.72016","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71987","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71951","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71959","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71962","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71956","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72354","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.73219","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.73244","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.73225","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.73218","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.73261","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00754","scoring_system":"epss","scoring_elements":"0.7327","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73555","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73586","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.7355","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.73578","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219"},{"reference_url":"https://devhub.checkmarx.com/cve-details/CVE-2023-50447","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://devhub.checkmarx.com/cve-details/CVE-2023-50447"},{"reference_url":"https://duartecsantos.github.io/2023-01-02-CVE-2023-50447","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://duartecsantos.github.io/2023-01-02-CVE-2023-50447"},{"reference_url":"https://duartecsantos.github.io/2024-01-02-CVE-2023-50447","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://duartecsantos.github.io/2024-01-02-CVE-2023-50447"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a"},{"reference_url":"https://github.com/python-pillow/Pillow/releases","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/"}],"url":"https://github.com/python-pillow/Pillow/releases"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50447","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50447"},{"reference_url":"https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/01/20/1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/01/20/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061172","reference_id":"1061172","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061172"},{"reference_url":"https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/","reference_id":"2024-01-02-CVE-2023-50447","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/"}],"url":"https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2259479","reference_id":"2259479","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2259479"},{"reference_url":"https://devhub.checkmarx.com/cve-details/CVE-2023-50447/","reference_id":"CVE-2023-50447","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/"}],"url":"https://devhub.checkmarx.com/cve-details/CVE-2023-50447/"},{"reference_url":"https://github.com/advisories/GHSA-3f63-hfp8-52jq","reference_id":"GHSA-3f63-hfp8-52jq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3f63-hfp8-52jq"},{"reference_url":"https://security.gentoo.org/glsa/202405-12","reference_id":"GLSA-202405-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0754","reference_id":"RHSA-2024:0754","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0754"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0857","reference_id":"RHSA-2024:0857","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0893","reference_id":"RHSA-2024:0893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0893"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1058","reference_id":"RHSA-2024:1058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1059","reference_id":"RHSA-2024:1059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1060","reference_id":"RHSA-2024:1060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3781","reference_id":"RHSA-2024:3781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3781"},{"reference_url":"https://usn.ubuntu.com/6618-1/","reference_id":"USN-6618-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6618-1/"},{"reference_url":"https://usn.ubuntu.com/8135-1/","reference_id":"USN-8135-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8135-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50454?format=json","purl":"pkg:pypi/pillow@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64n5-pugj-vue8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.2.0"}],"aliases":["CVE-2023-50447","GHSA-3f63-hfp8-52jq"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ckw-ra54-z3b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8707?format=json","vulnerability_id":"VCID-brp2-dtrf-jyfr","summary":"Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24303.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24303.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24303","reference_id":"","reference_type":"","scores":[{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80769","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80748","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80727","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80711","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80698","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80694","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.8067","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80668","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80666","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80637","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80642","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80645","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80658","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80632","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80605","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80612","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.8059","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24303"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-9j59-75qj-795w","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9j59-75qj-795w"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26"},{"reference_url":"https://github.com/python-pillow/Pillow/pull/3450","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/pull/3450"},{"reference_url":"https://github.com/python-pillow/Pillow/pull/6010","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/pull/6010"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP"},{"reference_url":"https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security"},{"reference_url":"https://security.gentoo.org/glsa/202211-10","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202211-10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2052682","reference_id":"2052682","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2052682"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24303","reference_id":"CVE-2022-24303","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24303"},{"reference_url":"https://usn.ubuntu.com/5777-1/","reference_id":"USN-5777-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5777-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5777-2/","reference_id":"USN-USN-5777-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5777-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26287?format=json","purl":"pkg:pypi/pillow@9.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19e1-19hk-duet"},{"vulnerability":"VCID-5rv4-k1q9-zue2"},{"vulnerability":"VCID-64n5-pugj-vue8"},{"vulnerability":"VCID-9ckw-ra54-z3b7"},{"vulnerability":"VCID-d7uf-zdbv-sba1"},{"vulnerability":"VCID-n1hp-atex-ubh4"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1"}],"aliases":["BIT-pillow-2022-24303","CVE-2022-24303","GHSA-9j59-75qj-795w","GMS-2022-348","PYSEC-2022-168"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brp2-dtrf-jyfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19285?format=json","vulnerability_id":"VCID-d7uf-zdbv-sba1","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-175.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-175.yaml"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4863","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4863"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5129","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5129"},{"reference_url":"https://github.com/advisories/GHSA-56pw-mpj4-fxww","reference_id":"GHSA-56pw-mpj4-fxww","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-56pw-mpj4-fxww"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54025?format=json","purl":"pkg:pypi/pillow@10.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64n5-pugj-vue8"},{"vulnerability":"VCID-9ckw-ra54-z3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1"}],"aliases":["GHSA-56pw-mpj4-fxww","GMS-2023-3137"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d7uf-zdbv-sba1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7545?format=json","vulnerability_id":"VCID-df4x-jt3h-17hx","summary":"path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22816.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22816.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22816","reference_id":"","reference_type":"","scores":[{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33215","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33176","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33108","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33537","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33567","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33573","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33539","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33495","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33656","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33623","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33219","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.333","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.3332","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.3348","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33514","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33501","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33525","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xrcv-f9gm-v42c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrcv-f9gm-v42c"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f"},{"reference_url":"https://github.com/python-pillow/Pillow/pull/5920","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/pull/5920"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html"},{"reference_url":"https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling"},{"reference_url":"https://security.gentoo.org/glsa/202211-10","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202211-10"},{"reference_url":"https://www.debian.org/security/2022/dsa-5053","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5053"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2042522","reference_id":"2042522","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2042522"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22816","reference_id":"CVE-2022-22816","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0609","reference_id":"RHSA-2022:0609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0609"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0643","reference_id":"RHSA-2022:0643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0665","reference_id":"RHSA-2022:0665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0667","reference_id":"RHSA-2022:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0669","reference_id":"RHSA-2022:0669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0669"},{"reference_url":"https://usn.ubuntu.com/5227-1/","reference_id":"USN-5227-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5227-1/"},{"reference_url":"https://usn.ubuntu.com/5227-2/","reference_id":"USN-5227-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5227-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23250?format=json","purl":"pkg:pypi/pillow@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19e1-19hk-duet"},{"vulnerability":"VCID-5rv4-k1q9-zue2"},{"vulnerability":"VCID-64n5-pugj-vue8"},{"vulnerability":"VCID-9ckw-ra54-z3b7"},{"vulnerability":"VCID-brp2-dtrf-jyfr"},{"vulnerability":"VCID-d7uf-zdbv-sba1"},{"vulnerability":"VCID-n1hp-atex-ubh4"},{"vulnerability":"VCID-q4bb-qnxe-8bfa"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0"}],"aliases":["BIT-pillow-2022-22816","CVE-2022-22816","GHSA-xrcv-f9gm-v42c","PYSEC-2022-9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-df4x-jt3h-17hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7559?format=json","vulnerability_id":"VCID-dpc3-td9q-dyee","summary":"path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22815.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22815.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22815","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26151","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26096","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26032","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2615","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26201","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26208","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26277","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26314","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2634","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26332","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2639","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26436","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26377","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2631","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26428","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26486","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26529","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-pw3c-h7wp-cvhx","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pw3c-h7wp-cvhx"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331"},{"reference_url":"https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c"},{"reference_url":"https://github.com/python-pillow/Pillow/pull/5920","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/pull/5920"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html"},{"reference_url":"https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling"},{"reference_url":"https://www.debian.org/security/2022/dsa-5053","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5053"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2042511","reference_id":"2042511","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2042511"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22815","reference_id":"CVE-2022-22815","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0643","reference_id":"RHSA-2022:0643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0643"},{"reference_url":"https://usn.ubuntu.com/5227-1/","reference_id":"USN-5227-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5227-1/"},{"reference_url":"https://usn.ubuntu.com/5227-2/","reference_id":"USN-5227-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5227-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23250?format=json","purl":"pkg:pypi/pillow@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19e1-19hk-duet"},{"vulnerability":"VCID-5rv4-k1q9-zue2"},{"vulnerability":"VCID-64n5-pugj-vue8"},{"vulnerability":"VCID-9ckw-ra54-z3b7"},{"vulnerability":"VCID-brp2-dtrf-jyfr"},{"vulnerability":"VCID-d7uf-zdbv-sba1"},{"vulnerability":"VCID-n1hp-atex-ubh4"},{"vulnerability":"VCID-q4bb-qnxe-8bfa"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0"}],"aliases":["BIT-pillow-2022-22815","CVE-2022-22815","GHSA-pw3c-h7wp-cvhx","PYSEC-2022-8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpc3-td9q-dyee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13258?format=json","vulnerability_id":"VCID-g46h-p8jk-cuhc","summary":"Infinite loop in Pillow\nJpegImagePlugin may append an EOF marker to the end of a truncated file, so that the last segment of the data will still be processed by the decoder.\n\nIf the EOF marker is not detected as such however, this could lead to an infinite loop where JpegImagePlugin keeps trying to end the file.","references":[{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd"},{"reference_url":"https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file"},{"reference_url":"https://github.com/advisories/GHSA-4fx9-vc88-q2xc","reference_id":"GHSA-4fx9-vc88-q2xc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4fx9-vc88-q2xc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23250?format=json","purl":"pkg:pypi/pillow@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19e1-19hk-duet"},{"vulnerability":"VCID-5rv4-k1q9-zue2"},{"vulnerability":"VCID-64n5-pugj-vue8"},{"vulnerability":"VCID-9ckw-ra54-z3b7"},{"vulnerability":"VCID-brp2-dtrf-jyfr"},{"vulnerability":"VCID-d7uf-zdbv-sba1"},{"vulnerability":"VCID-n1hp-atex-ubh4"},{"vulnerability":"VCID-q4bb-qnxe-8bfa"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0"}],"aliases":["GHSA-4fx9-vc88-q2xc","GMS-2022-347"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g46h-p8jk-cuhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11396?format=json","vulnerability_id":"VCID-n1hp-atex-ubh4","summary":"An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44271.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44271.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44271","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44406","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44391","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44413","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44347","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44392","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44423","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44399","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44183","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44266","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44263","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44438","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44447","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45083","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46499","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46434","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46519","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219"},{"reference_url":"https://devhub.checkmarx.com/cve-details/CVE-2023-44271/","reference_id":"","reference_type":"","scores":[],"url":"https://devhub.checkmarx.com/cve-details/CVE-2023-44271/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7"},{"reference_url":"https://github.com/python-pillow/Pillow/pull/7244","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/pull/7244"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2247820","reference_id":"2247820","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2247820"},{"reference_url":"https://devhub.checkmarx.com/cve-details/CVE-2023-44271","reference_id":"CVE-2023-44271","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://devhub.checkmarx.com/cve-details/CVE-2023-44271"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44271","reference_id":"CVE-2023-44271","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44271"},{"reference_url":"https://github.com/advisories/GHSA-8ghj-p4vj-mr35","reference_id":"GHSA-8ghj-p4vj-mr35","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8ghj-p4vj-mr35"},{"reference_url":"https://security.gentoo.org/glsa/202405-12","reference_id":"GLSA-202405-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0345","reference_id":"RHSA-2024:0345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1057","reference_id":"RHSA-2024:1057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3005","reference_id":"RHSA-2024:3005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3005"},{"reference_url":"https://usn.ubuntu.com/6618-1/","reference_id":"USN-6618-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6618-1/"},{"reference_url":"https://usn.ubuntu.com/8135-1/","reference_id":"USN-8135-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8135-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41011?format=json","purl":"pkg:pypi/pillow@10.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5rv4-k1q9-zue2"},{"vulnerability":"VCID-64n5-pugj-vue8"},{"vulnerability":"VCID-9ckw-ra54-z3b7"},{"vulnerability":"VCID-d7uf-zdbv-sba1"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.0"}],"aliases":["BIT-pillow-2023-44271","CVE-2023-44271","GHSA-8ghj-p4vj-mr35","PYSEC-2023-227"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n1hp-atex-ubh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7536?format=json","vulnerability_id":"VCID-q4bb-qnxe-8bfa","summary":"PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22817.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22817.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22817","reference_id":"","reference_type":"","scores":[{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86168","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86149","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86128","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86109","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86099","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86079","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86086","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86081","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86064","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86068","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86071","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86047","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86057","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86011","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86028","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02781","scoring_system":"epss","scoring_elements":"0.86027","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-8vj2-vxx3-667w","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8vj2-vxx3-667w"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html"},{"reference_url":"https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/"}],"url":"https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval"},{"reference_url":"https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/"}],"url":"https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security"},{"reference_url":"https://security.gentoo.org/glsa/202211-10","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/"}],"url":"https://security.gentoo.org/glsa/202211-10"},{"reference_url":"https://www.debian.org/security/2022/dsa-5053","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/"}],"url":"https://www.debian.org/security/2022/dsa-5053"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2042527","reference_id":"2042527","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2042527"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22817","reference_id":"CVE-2022-22817","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0609","reference_id":"RHSA-2022:0609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0609"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0643","reference_id":"RHSA-2022:0643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0665","reference_id":"RHSA-2022:0665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0667","reference_id":"RHSA-2022:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0669","reference_id":"RHSA-2022:0669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0669"},{"reference_url":"https://usn.ubuntu.com/5227-1/","reference_id":"USN-5227-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5227-1/"},{"reference_url":"https://usn.ubuntu.com/5227-2/","reference_id":"USN-5227-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5227-2/"},{"reference_url":"https://usn.ubuntu.com/5227-3/","reference_id":"USN-5227-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5227-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23250?format=json","purl":"pkg:pypi/pillow@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19e1-19hk-duet"},{"vulnerability":"VCID-5rv4-k1q9-zue2"},{"vulnerability":"VCID-64n5-pugj-vue8"},{"vulnerability":"VCID-9ckw-ra54-z3b7"},{"vulnerability":"VCID-brp2-dtrf-jyfr"},{"vulnerability":"VCID-d7uf-zdbv-sba1"},{"vulnerability":"VCID-n1hp-atex-ubh4"},{"vulnerability":"VCID-q4bb-qnxe-8bfa"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/26287?format=json","purl":"pkg:pypi/pillow@9.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19e1-19hk-duet"},{"vulnerability":"VCID-5rv4-k1q9-zue2"},{"vulnerability":"VCID-64n5-pugj-vue8"},{"vulnerability":"VCID-9ckw-ra54-z3b7"},{"vulnerability":"VCID-d7uf-zdbv-sba1"},{"vulnerability":"VCID-n1hp-atex-ubh4"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1"}],"aliases":["BIT-pillow-2022-22817","CVE-2022-22817","GHSA-8vj2-vxx3-667w","PYSEC-2022-10"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q4bb-qnxe-8bfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18987?format=json","vulnerability_id":"VCID-vdzj-kqfy-d3b7","summary":"libwebp: OOB write in BuildHuffmanTable\nHeap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json"},{"reference_url":"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway"},{"reference_url":"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4863","reference_id":"","reference_type":"","scores":[{"value":"0.93606","scoring_system":"epss","scoring_elements":"0.99837","published_at":"2026-04-18T12:55:00Z"},{"value":"0.93606","scoring_system":"epss","scoring_elements":"0.99835","published_at":"2026-04-07T12:55:00Z"},{"value":"0.93606","scoring_system":"epss","scoring_elements":"0.99836","published_at":"2026-04-13T12:55:00Z"},{"value":"0.94083","scoring_system":"epss","scoring_elements":"0.99908","published_at":"2026-05-09T12:55:00Z"},{"value":"0.94083","scoring_system":"epss","scoring_elements":"0.99907","published_at":"2026-04-29T12:55:00Z"},{"value":"0.94083","scoring_system":"epss","scoring_elements":"0.99905","published_at":"2026-04-12T12:55:00Z"},{"value":"0.94117","scoring_system":"epss","scoring_elements":"0.99911","published_at":"2026-04-21T12:55:00Z"},{"value":"0.94117","scoring_system":"epss","scoring_elements":"0.9991","published_at":"2026-04-02T12:55:00Z"},{"value":"0.94117","scoring_system":"epss","scoring_elements":"0.99909","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4863"},{"reference_url":"https://blog.isosceles.com/the-webp-0day","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.isosceles.com/the-webp-0day"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1215231","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1215231"},{"reference_url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"},{"reference_url":"https://crbug.com/1479274","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://crbug.com/1479274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863"},{"reference_url":"https://en.bandisoft.com/honeyview/history","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://en.bandisoft.com/honeyview/history"},{"reference_url":"https://en.bandisoft.com/honeyview/history/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://en.bandisoft.com/honeyview/history/"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0"},{"reference_url":"https://github.com/electron/electron/pull/39823","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/39823"},{"reference_url":"https://github.com/electron/electron/pull/39825","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/39825"},{"reference_url":"https://github.com/electron/electron/pull/39826","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/39826"},{"reference_url":"https://github.com/electron/electron/pull/39827","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/39827"},{"reference_url":"https://github.com/electron/electron/pull/39828","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/39828"},{"reference_url":"https://github.com/ImageMagick/ImageMagick/discussions/6664","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ImageMagick/ImageMagick/discussions/6664"},{"reference_url":"https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc"},{"reference_url":"https://github.com/jaredforth/webp/pull/30","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jaredforth/webp/pull/30"},{"reference_url":"https://github.com/python-pillow/Pillow/pull/7395","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/pull/7395"},{"reference_url":"https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b"},{"reference_url":"https://github.com/qnighy/libwebp-sys2-rs/pull/21","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/qnighy/libwebp-sys2-rs/pull/21"},{"reference_url":"https://github.com/webmproject/libwebp","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/webmproject/libwebp"},{"reference_url":"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a"},{"reference_url":"https://github.com/webmproject/libwebp/releases/tag/v1.3.2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://github.com/webmproject/libwebp/releases/tag/v1.3.2"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I"},{"reference_url":"https://news.ycombinator.com/item?id=37478403","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://news.ycombinator.com/item?id=37478403"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4863","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4863"},{"reference_url":"https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2023-0060.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2023-0060.html"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2023-0061.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2023-0061.html"},{"reference_url":"https://security.gentoo.org/glsa/202309-05","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://security.gentoo.org/glsa/202309-05"},{"reference_url":"https://security.gentoo.org/glsa/202401-10","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://security.gentoo.org/glsa/202401-10"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230929-0011","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230929-0011"},{"reference_url":"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://sethmlarson.dev/security-developer-in-residence-weekly-report-16"},{"reference_url":"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863"},{"reference_url":"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/"},{"reference_url":"https://www.bentley.com/advisories/be-2023-0001","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.bentley.com/advisories/be-2023-0001"},{"reference_url":"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks"},{"reference_url":"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5496","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://www.debian.org/security/2023/dsa-5496"},{"reference_url":"https://www.debian.org/security/2023/dsa-5497","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://www.debian.org/security/2023/dsa-5497"},{"reference_url":"https://www.debian.org/security/2023/dsa-5498","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://www.debian.org/security/2023/dsa-5498"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"critical","scoring_system":"generic_textual","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"},{"reference_url":"https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/21/4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/21/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/22/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/22/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/22/3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/22/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/22/4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/22/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/22/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/22/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/22/6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/22/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/22/7","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/22/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/22/8","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/22/8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/26/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/26/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/26/7","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/26/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/28/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/28/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/28/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/28/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/28/4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/28/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787","reference_id":"1051787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2238431","reference_id":"2238431","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2238431"},{"reference_url":"https://www.bentley.com/advisories/be-2023-0001/","reference_id":"be-2023-0001","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://www.bentley.com/advisories/be-2023-0001/"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863","reference_id":"CVE-2023-4863","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2023-4863","reference_id":"CVE-2023-4863","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://security-tracker.debian.org/tracker/CVE-2023-4863"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","reference_id":"KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230929-0011/","reference_id":"ntap-20230929-0011","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230929-0011/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5183","reference_id":"RHSA-2023:5183","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5183"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5184","reference_id":"RHSA-2023:5184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5185","reference_id":"RHSA-2023:5185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5186","reference_id":"RHSA-2023:5186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5187","reference_id":"RHSA-2023:5187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5188","reference_id":"RHSA-2023:5188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5189","reference_id":"RHSA-2023:5189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5190","reference_id":"RHSA-2023:5190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5191","reference_id":"RHSA-2023:5191","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5191"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5192","reference_id":"RHSA-2023:5192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5197","reference_id":"RHSA-2023:5197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5198","reference_id":"RHSA-2023:5198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5198"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5200","reference_id":"RHSA-2023:5200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5200"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5201","reference_id":"RHSA-2023:5201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5202","reference_id":"RHSA-2023:5202","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5204","reference_id":"RHSA-2023:5204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5205","reference_id":"RHSA-2023:5205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5214","reference_id":"RHSA-2023:5214","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5214"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5222","reference_id":"RHSA-2023:5222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5223","reference_id":"RHSA-2023:5223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5224","reference_id":"RHSA-2023:5224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5224"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5236","reference_id":"RHSA-2023:5236","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5236"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5309","reference_id":"RHSA-2023:5309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5309"},{"reference_url":"https://usn.ubuntu.com/6367-1/","reference_id":"USN-6367-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6367-1/"},{"reference_url":"https://usn.ubuntu.com/6368-1/","reference_id":"USN-6368-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6368-1/"},{"reference_url":"https://usn.ubuntu.com/6369-1/","reference_id":"USN-6369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6369-1/"},{"reference_url":"https://usn.ubuntu.com/6369-2/","reference_id":"USN-6369-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6369-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54025?format=json","purl":"pkg:pypi/pillow@10.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-64n5-pugj-vue8"},{"vulnerability":"VCID-9ckw-ra54-z3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1"}],"aliases":["CVE-2023-4863","GHSA-j7hp-h8jx-5ppr"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdzj-kqfy-d3b7"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6583?format=json","vulnerability_id":"VCID-1vt7-c6e3-7qc8","summary":"The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23437.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23437.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23437","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45314","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45402","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45452","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45456","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45405","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45404","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45434","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45412","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45357","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45414","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45394","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45239","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45222","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45158","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45261","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45321","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45315","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-98vv-pw6r-q6q4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98vv-pw6r-q6q4"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT"},{"reference_url":"https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html"},{"reference_url":"https://security.gentoo.org/glsa/202211-10","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202211-10"},{"reference_url":"https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2001907","reference_id":"2001907","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2001907"},{"reference_url":"https://security.archlinux.org/AVG-2366","reference_id":"AVG-2366","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2366"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23437","reference_id":"CVE-2021-23437","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23437"},{"reference_url":"https://usn.ubuntu.com/5227-1/","reference_id":"USN-5227-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5227-1/"},{"reference_url":"https://usn.ubuntu.com/5227-2/","reference_id":"USN-5227-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5227-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18551?format=json","purl":"pkg:pypi/pillow@8.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19e1-19hk-duet"},{"vulnerability":"VCID-5rv4-k1q9-zue2"},{"vulnerability":"VCID-64n5-pugj-vue8"},{"vulnerability":"VCID-9ckw-ra54-z3b7"},{"vulnerability":"VCID-brp2-dtrf-jyfr"},{"vulnerability":"VCID-d7uf-zdbv-sba1"},{"vulnerability":"VCID-df4x-jt3h-17hx"},{"vulnerability":"VCID-dpc3-td9q-dyee"},{"vulnerability":"VCID-g46h-p8jk-cuhc"},{"vulnerability":"VCID-n1hp-atex-ubh4"},{"vulnerability":"VCID-q4bb-qnxe-8bfa"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.2"}],"aliases":["BIT-pillow-2021-23437","CVE-2021-23437","GHSA-98vv-pw6r-q6q4","PYSEC-2021-317","SNYK-PYTHON-PILLOW-1319443"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vt7-c6e3-7qc8"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.2"}