VYPR
Critical severity · NVD Advisory · Published Jan 19, 2024 · Updated Aug 2, 2024

CVE-2023-50447

Description

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2023-50447 is a critical arbitrary code execution vulnerability in Pillow versions up to 10.1.0, exploitable through the `environment` parameter of `PIL.ImageMath.eval`.

CVE-2023-50447 is an arbitrary code execution vulnerability in the Pillow Python imaging library, affecting versions through 10.1.0. The flaw resides in the PIL.ImageMath.eval function, which evaluates mathematical expressions on images. Unlike the earlier CVE-2022-22817, which was about unrestricted expression strings, this vulnerability is triggered via the environment parameter [2][3]. Pillow's ImageMath.eval function is a wrapper around Python's built-in eval, and prior to version 10.2.0 it did not restrict the keys passed in the environment dictionary [1][3].

Exploitation

An attacker who can control the keys of the environment dictionary passed to ImageMath.eval can achieve arbitrary code execution. Because the function uses Python's eval, allowing keys that match built-in names or contain double underscores (e.g., __builtins__) enables access to dangerous Python internals. The attacker does not need to control the expression string itself; the environment keys provide the injection vector [3]. The vulnerability is network-exploitable if an application passes user-controlled data into the environment argument.

Impact

Successful exploitation grants an attacker arbitrary code execution in the context of the Python process using Pillow [3]. This can lead to full compromise of the application, including data theft, ransomware, or lateral movement within the environment. The CVSS v3.1 score is 8.1 (High), reflecting low attack complexity and high impact [2][3].

Mitigation

The vulnerability is fixed in Pillow version 10.2.0, released on 2024-01-02 [1][4]. The fix restricts environment keys by raising a ValueError if a key matches a built-in name or contains double underscores. Users are strongly advised to upgrade to Pillow 10.2.0 or later [1][4]. No workarounds are currently recommended; upgrading is the safest course of action.
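To make the fix concrete, the following added example re-implements the key check described above as a standalone validator. It is not Pillow's code and is not a substitute for upgrading to 10.2.0; it only shows which environment keys the patched version is described as refusing (any key containing double underscores or matching a Python built-in name), so that a reviewer can recognise a dangerous environment dictionary before it reaches `ImageMath.eval`. The function names and the sample dictionaries are constructed for this illustration.

```python
import builtins


def find_disallowed_keys(environment: dict) -> list[str]:
    """Return the keys that the 10.2.0 check (as described in the advisory)
    would refuse: any key containing '__' or naming a Python built-in.
    Re-implementation for illustration only, not Pillow's own code."""
    disallowed = []
    for key in environment:
        # Non-string keys can never be valid identifiers for eval; flag them.
        if not isinstance(key, str):
            disallowed.append(repr(key))
            continue
        # Dunder names (e.g. __builtins__, __import__) reach Python internals.
        if "__" in key:
            disallowed.append(key)
            continue
        # Built-in names (exec, open, eval, ...) would expose functions the
        # image expression should never be able to reference.
        if hasattr(builtins, key):
            disallowed.append(key)
    return disallowed


def validate_imagemath_environment(environment: dict) -> dict:
    """Mirror the patched behaviour: raise ValueError on the first bad key,
    otherwise return a copy that is safe to pass as the environment."""
    bad = find_disallowed_keys(environment)
    if bad:
        raise ValueError(f"{bad[0]!r} not allowed")
    return dict(environment)


# Constructed sample inputs (not from the advisory). In a real application the
# dictionary would typically be built from user-supplied JSON or a config file.
LEGITIMATE_ENVIRONMENT = {"a": "image-a", "b": "image-b"}
SUSPICIOUS_ENVIRONMENT = {"a": "image-a", "__builtins__": {}, "open": None}


if __name__ == "__main__":
    print("accepted:", validate_imagemath_environment(LEGITIMATE_ENVIRONMENT))
    print("rejected keys:", find_disallowed_keys(SUSPICIOUS_ENVIRONMENT))
    try:
        validate_imagemath_environment(SUSPICIOUS_ENVIRONMENT)
    except ValueError as exc:
        print("ValueError:", exc)
```

Run against the two constructed dictionaries, the first is accepted unchanged, while the second is rejected on `__builtins__` (and `open` is also reported, since it is a built-in name). Running the same check on an application's own environment dictionaries is a quick way to confirm that nothing it passes would fail under the patched version.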

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package   Ecosystem   Affected versions   Patched versions
Pillow    PyPI        < 10.2.0            10.2.0

Affected products: 47

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 11

News mentions: 0

No linked articles in our index yet.