Showing 1 - 5 of 5

CVE-2023-44271

Status Candidate

Overview

An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.

Related Files

Debian Security Advisory 5704-1: Posted Jun 6, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5704-1 - Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service or the execution of arbitrary code if malformed images are processed.; tags | advisory, denial of service, arbitrary, python; systems | linux, debian; advisories | CVE-2023-44271, CVE-2023-50447, CVE-2024-28219; SHA-256 | 39d19c693f17390d6a2ae39c504630ddbff9dabe4a9550c53beda72dd79c2817; Download | Favorite | View

Red Hat Security Advisory 2024-3005-03: Posted May 23, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-3005-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.; tags | advisory, python; systems | linux, redhat; advisories | CVE-2023-44271; SHA-256 | 9a4d07d9090af2aef0e45cedd203af3f8f4f603ca5d859e6af2f6ed3d71c48fc; Download | Favorite | View

Gentoo Linux Security Advisory 202405-12: Posted May 6, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202405-12 - Multiple vulnerabilities have been discovered in Pillow, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 10.2.0 are affected.; tags | advisory, arbitrary, vulnerability, code execution; systems | linux, gentoo; advisories | CVE-2023-44271, CVE-2023-50447; SHA-256 | 3383dd664c509ffd1c2c81e6191f3909def9ad15643115326144b65d82a168fd; Download | Favorite | View

Ubuntu Security Notice USN-6618-1: Posted Jan 31, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6618-1 - It was discovered that Pillow incorrectly handled certain long text arguments. An attacker could possibly use this issue to cause Pillow to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. Duarte Santos discovered that Pillow incorrectly handled the environment parameter to PIL.ImageMath.eval. An attacker could possibly use this issue to execute arbitrary code.; tags | advisory, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2023-44271, CVE-2023-50447; SHA-256 | 6448149912590caa887d2ebc19423b952b66138a002ef70624bb7db6564df7f6; Download | Favorite | View

Red Hat Security Advisory 2024-0345-03: Posted Jan 24, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0345-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 7.; tags | advisory, python; systems | linux, redhat; advisories | CVE-2023-44271; SHA-256 | 577f221d2e76f426fe238a8135c7fae4c7d1338480e41329e362e8922a5d1576; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 277 files
Ubuntu 101 files
indoushka 44 files
Jasper Nota 25 files
Gentoo 20 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Debian 11 files
Apple 10 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,084)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,580)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,432)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,710)
UNIX (9,432)
UnixWare (187)
Windows (6,668)
Other

CVE-2023-44271

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems