apk package
chainguard/py3.13-seaborn
pkg:apk/chainguard/py3.13-seaborn
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-28219 | Med | 6.7 | < 0.13.2-r3 | 0.13.2-r3 | Apr 3, 2024 | In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. | |
| CVE-2023-50447 | Hig | 8.1 | < 0.13.2-r0 | 0.13.2-r0 | Jan 19, 2024 | Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). |
- affected < 0.13.2-r3fixed 0.13.2-r3
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
- affected < 0.13.2-r0fixed 0.13.2-r0
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).