Lucene search

K
cvelistMitreCVELIST:CVE-2023-44271
HistoryNov 03, 2023 - 12:00 a.m.

CVE-2023-44271

2023-11-0300:00:00
mitre
www.cve.org
1
pillow
dos
vulnerability
truetype font
handling
imagefont
imagedraw
long text

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.8%

An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.