Lucene search
MitreCVELIST:CVE-2023-44271HistoryNov 03, 2023 - 12:00 a.m.
CVE-2023-44271
2023-11-0300:00:00
mitre
www.cve.org
1
pillow
dos
vulnerability
truetype font
handling
imagefont
imagedraw
long text
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
References
devhub.checkmarx.com/cve-details/CVE-2023-44271/
github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
github.com/python-pillow/Pillow/pull/7244
lists.debian.org/debian-lts-announce/2024/03/msg00021.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4/
Related
osv
osv
Pillow Denial of Service vulnerability
2023-11-03 06:36:30
Moderate: python-pillow security update
2024-06-14 13:59:30
Moderate: python-pillow security update
2024-05-22 00:00:00
openvas
openvas
Fedora: Security Advisory for python-pillow (FEDORA-2023-1a120657f9)
2023-11-12 00:00:00
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1128)
2024-01-29 00:00:00
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1071)
2024-01-09 00:00:00
ubuntucve
ubuntucve
CVE-2023-44271
2023-11-03 00:00:00
nessus
nessus
Fedora 38 : python-pillow (2023-1a120657f9)
2023-11-11 00:00:00
CentOS 8 : python-pillow (CESA-2024:3005)
2024-05-22 00:00:00
cve
cve
CVE-2023-44271
2023-11-03 05:15:30
fedora
fedora
[SECURITY] Fedora 38 Update: python-pillow-9.5.0-1.fc38
2023-11-12 01:43:47
veracode
veracode
Denial Of Service (DoS)
2023-11-06 10:49:50
ibm
ibm
Security Bulletin: Pillow-9.3.0-cp37-cp37m-manylinux_2_28_x86_64.whl is vulnerable to CVE-2023-44271 used in IBM Maximo Application Suite - Edge Data Collector
2024-03-05 09:15:22
amazon
amazon
Medium: python-pillow
2024-03-27 21:32:00
redhat
redhat
(RHSA-2024:0345) Moderate: python-pillow security update
2024-01-23 15:58:23
(RHSA-2024:3005) Moderate: python-pillow security update
2024-05-22 06:35:19
almalinux
almalinux
Moderate: python-pillow security update
2024-05-22 00:00:00
github
github
Pillow Denial of Service vulnerability
2023-11-03 06:36:30
oraclelinux
oraclelinux
python-pillow security update
2024-05-23 00:00:00
python-pillow security update
2024-01-23 00:00:00
centos
centos
python security update
2024-01-26 18:08:27
redhatcve
redhatcve
CVE-2023-44271
2023-11-03 16:56:36
debiancve
debiancve
CVE-2023-44271
2023-11-03 05:15:30
f5
f5
K000138517 : Python-Pillow vulnerability CVE-2023-44271
2024-02-07 00:00:00
prion
prion
Code injection
2023-11-03 05:15:00
nvd
nvd
CVE-2023-44271
2023-11-03 05:15:30
ubuntu
ubuntu
Pillow vulnerabilities
2024-01-30 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2392
2024-04-11 07:13:20
gentoo
gentoo
Pillow: Multiple Vulnerabilities
2024-05-05 00:00:00
mageia
mageia
Updated python-pillow packages fix security vulnerabilities
2024-04-15 21:21:57
debian
debian
[SECURITY] [DLA 3768-1] pillow security update
2024-03-22 10:06:44
[SECURITY] [DSA 5704-1] pillow security update
2024-06-05 18:59:18
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00