python3-pillow: Fix CVE-2023-50447

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). References: https://security-tracker.debian.org/tracker/CVE-2023-50447 https://github.com/python-pillow/Pillow/blob/10.2.0/CHANGES.rst Signed-off-by: Rahul Janani Pandi <RahulJanani.Pandi@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-04-17 22:48:28 +00:00 · 2024-04-08 09:42:28 +00:00
parent 0fffd4d422
commit 717462f811
5 changed files with 186 additions and 0 deletions
--- a/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-1.patch
+++ b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-50447-1.patch
@@ -0,0 +1,29 @@
+From  3652f431c2d8b9c10bf20b70f284d300d12e814a
+From: Andrew Murray <radarhere@users.noreply.github.com>
+Date:   Sat Oct 28 14:22:39 2023 +1100
+Subject: [PATCH] python3-pillow: Simplified code
+
+CVE: CVE-2023-50447
+
+Upstream-Status: Backport [https://github.com/python-pillow/Pillow/commit/3652f431c2d8b9c10bf20b70f284d300d12e814a]
+
+Signed-off-by: Rahul Janani Pandi <RahulJanani.Pandi@windriver.com>
+---
+ src/PIL/ImageMath.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/PIL/ImageMath.py b/src/PIL/ImageMath.py
+index ac7d36b69..71872a3fb 100644
+--- a/src/PIL/ImageMath.py
+++ b/src/PIL/ImageMath.py
+@@ -239,7 +239,7 @@ def eval(expression, _dict={}, **kw):
+     args = ops.copy()
+     args.update(_dict)
+     args.update(kw)
+-    for k, v in list(args.items()):
+    for k, v in args.items():
+         if hasattr(v, "im"):
+             args[k] = _Operand(v)
+
+--
+2.40.0