OSV:GHSA-8GHJ-P4VJ-MR35
Nov 03, 2023 - 6:36 a.m.

Pillow Denial of Service vulnerability

2023-11-03 06:36:30
Google
osv.dev
Tags: pillow, denial of service, memory allocation, imagefont, vulnerability

AI Score: 7.1 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 22.5%)

An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.