
CVE-2023-44271

Published: 03/11/2023 Updated: 22/03/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

An issue exists in Pillow prior to 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.

Vulnerable Product

python pillow

fedoraproject fedora 38

Vendor Advisories

Synopsis: Moderate: python-pillow security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-pillow is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as ...
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument (CVE-2023-44271). Affected ver ...