Lucene search
MitreCVELIST:CVE-2023-44271HistoryNov 03, 2023 - 12:00 a.m.
CVE-2023-44271
2023-11-0300:00:00
mitre
www.cve.org
1
pillow
dos
vulnerability
truetype font
handling
imagefont
imagedraw
long text
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
References
devhub.checkmarx.com/cve-details/CVE-2023-44271/
github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
github.com/python-pillow/Pillow/pull/7244
lists.debian.org/debian-lts-announce/2024/03/msg00021.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4/
Related
prion
prion
Code injection
2023-11-03 05:15:00
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Pillow (SUSE-SU-2023:4528-1)
2023-11-24 00:00:00
openSUSE 15 Security Update : python-Pillow (SUSE-SU-2023:4465-1)
2023-11-17 00:00:00
EulerOS 2.0 SP10 : python-pillow (EulerOS-SA-2024-1095)
2024-01-16 00:00:00
osv
osv
CVE-2023-44271
2023-11-03 05:15:30
PYSEC-2023-227
2023-11-03 05:15:00
BIT-pillow-2023-44271
2024-03-06 11:01:40
openvas
openvas
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1448)
2024-03-21 00:00:00
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1389)
2024-03-14 00:00:00
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1095)
2024-01-09 00:00:00
redhat
redhat
(RHSA-2024:3005) Moderate: python-pillow security update
2024-05-22 06:35:19
(RHSA-2024:0345) Moderate: python-pillow security update
2024-01-23 15:58:23
nvd
nvd
CVE-2023-44271
2023-11-03 05:15:30
debiancve
debiancve
CVE-2023-44271
2023-11-03 05:15:30
oraclelinux
oraclelinux
python-pillow security update
2024-01-23 00:00:00
python-pillow security update
2024-05-23 00:00:00
f5
f5
K000138517 : Python-Pillow vulnerability CVE-2023-44271
2024-02-07 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: python-pillow-9.5.0-1.fc38
2023-11-12 01:43:47
ibm
ibm
Security Bulletin: Pillow-9.3.0-cp37-cp37m-manylinux_2_28_x86_64.whl is vulnerable to CVE-2023-44271 used in IBM Maximo Application Suite - Edge Data Collector
2024-03-05 09:15:22
amazon
amazon
Medium: python-pillow
2024-03-27 21:32:00
veracode
veracode
Denial Of Service (DoS)
2023-11-06 10:49:50
ubuntucve
ubuntucve
CVE-2023-44271
2023-11-03 00:00:00
cve
cve
CVE-2023-44271
2023-11-03 05:15:30
github
github
Pillow Denial of Service vulnerability
2023-11-03 06:36:30
centos
centos
python security update
2024-01-26 18:08:27
almalinux
almalinux
Moderate: python-pillow security update
2024-05-22 00:00:00
redhatcve
redhatcve
CVE-2023-44271
2023-11-03 16:56:36
mageia
mageia
Updated python-pillow packages fix security vulnerabilities
2024-04-15 21:21:57
rosalinux
rosalinux
Advisory ROSA-SA-2024-2392
2024-04-11 07:13:20
gentoo
gentoo
Pillow: Multiple Vulnerabilities
2024-05-05 00:00:00
ubuntu
ubuntu
Pillow vulnerabilities
2024-01-30 00:00:00
debian
debian
[SECURITY] [DSA 5704-1] pillow security update
2024-06-05 18:59:18
[SECURITY] [DLA 3768-1] pillow security update
2024-03-22 10:00:44
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 9 Security Updates
2024-06-17 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00