CVE-2023-44464

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-44464
pretix before 2023.7.2 allows Pillow to parse EPS files.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/pretix/pretix/commit/8583bfb7d97263e9e923ad5d7f123ca1cadc8f2e Patch
https://github.com/pretix/pretix/compare/v2023.7.1...v2023.7.2 Patch
https://github.com/pretix/pretix/tags Release Notes
https://pretix.eu/about/de/blog/20230912-release-2023-7-2/ Vendor Advisory
https://pretix.eu/about/en/ticketing Product
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:rami:pretix:*:*:*:*:*:*:*:*
cpe:2.3:a:rami:pretix:*:*:*:*:*:*:*:*
cpe:2.3:a:rami:pretix:*:*:*:*:*:*:*:*
History

12 Oct 2023, 02:47

Type Values Removed Values Added
References (CONFIRM) https://pretix.eu/about/de/blog/20230912-release-2023-7-2/ - (CONFIRM) https://pretix.eu/about/de/blog/20230912-release-2023-7-2/ - Vendor Advisory

04 Oct 2023, 20:15

Type Values Removed Values Added
References
  • (CONFIRM) https://pretix.eu/about/de/blog/20230912-release-2023-7-2/ -

02 Oct 2023, 12:51

Type Values Removed Values Added
References (MISC) https://pretix.eu/about/en/ticketing - (MISC) https://pretix.eu/about/en/ticketing - Product
References (MISC) https://github.com/pretix/pretix/commit/8583bfb7d97263e9e923ad5d7f123ca1cadc8f2e - (MISC) https://github.com/pretix/pretix/commit/8583bfb7d97263e9e923ad5d7f123ca1cadc8f2e - Patch
References (MISC) https://github.com/pretix/pretix/compare/v2023.7.1...v2023.7.2 - (MISC) https://github.com/pretix/pretix/compare/v2023.7.1...v2023.7.2 - Patch
References (MISC) https://github.com/pretix/pretix/tags - (MISC) https://github.com/pretix/pretix/tags - Release Notes
CPE cpe:2.3:a:rami:pretix:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
First Time Rami
Rami pretix

29 Sep 2023, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-09-29 05:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-44464

Mitre link : CVE-2023-44464

CVE.ORG link : CVE-2023-44464

JSON object : View

Products Affected

rami

  • pretix
CWE
NVD-CWE-noinfo