Lucene search

RedHatRHSA-2024:0345

HistoryJan 23, 2024 - 3:58 p.m.

(RHSA-2024:0345) Moderate: python-pillow security update

2024-01-2315:58:23

access.redhat.com

python-pillow

security update

uncontrolled resource consumption

image processing

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

21.9%

JSON

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (CVE-2023-44271)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7ppc64python-pillow-tk< 2.0.0-24.gitd1c6db8.el7_9python-pillow-tk-2.0.0-24.gitd1c6db8.el7_9.ppc64.rpm
RedHat7ppcpython-pillow< 2.0.0-24.gitd1c6db8.el7_9python-pillow-2.0.0-24.gitd1c6db8.el7_9.ppc.rpm
RedHat7x86_64python-pillow-devel< 2.0.0-24.gitd1c6db8.el7_9python-pillow-devel-2.0.0-24.gitd1c6db8.el7_9.x86_64.rpm
RedHat7x86_64python-pillow< 2.0.0-24.gitd1c6db8.el7_9python-pillow-2.0.0-24.gitd1c6db8.el7_9.x86_64.rpm
RedHat7ppc64python-pillow< 2.0.0-24.gitd1c6db8.el7_9python-pillow-2.0.0-24.gitd1c6db8.el7_9.ppc64.rpm
RedHat7ppc64python-pillow-sane< 2.0.0-24.gitd1c6db8.el7_9python-pillow-sane-2.0.0-24.gitd1c6db8.el7_9.ppc64.rpm
RedHat7x86_64python-pillow-sane< 2.0.0-24.gitd1c6db8.el7_9python-pillow-sane-2.0.0-24.gitd1c6db8.el7_9.x86_64.rpm
RedHat7ppc64lepython-pillow-debuginfo< 2.0.0-24.gitd1c6db8.el7_9python-pillow-debuginfo-2.0.0-24.gitd1c6db8.el7_9.ppc64le.rpm
RedHat7ppcpython-pillow-devel< 2.0.0-24.gitd1c6db8.el7_9python-pillow-devel-2.0.0-24.gitd1c6db8.el7_9.ppc.rpm
RedHat7ppc64python-pillow-debuginfo< 2.0.0-24.gitd1c6db8.el7_9python-pillow-debuginfo-2.0.0-24.gitd1c6db8.el7_9.ppc64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	ppc64	python-pillow-tk	< 2.0.0-24.gitd1c6db8.el7_9	python-pillow-tk-2.0.0-24.gitd1c6db8.el7_9.ppc64.rpm
RedHat	7	ppc	python-pillow	< 2.0.0-24.gitd1c6db8.el7_9	python-pillow-2.0.0-24.gitd1c6db8.el7_9.ppc.rpm
RedHat	7	x86_64	python-pillow-devel	< 2.0.0-24.gitd1c6db8.el7_9	python-pillow-devel-2.0.0-24.gitd1c6db8.el7_9.x86_64.rpm
RedHat	7	x86_64	python-pillow	< 2.0.0-24.gitd1c6db8.el7_9	python-pillow-2.0.0-24.gitd1c6db8.el7_9.x86_64.rpm
RedHat	7	ppc64	python-pillow	< 2.0.0-24.gitd1c6db8.el7_9	python-pillow-2.0.0-24.gitd1c6db8.el7_9.ppc64.rpm
RedHat	7	ppc64	python-pillow-sane	< 2.0.0-24.gitd1c6db8.el7_9	python-pillow-sane-2.0.0-24.gitd1c6db8.el7_9.ppc64.rpm
RedHat	7	x86_64	python-pillow-sane	< 2.0.0-24.gitd1c6db8.el7_9	python-pillow-sane-2.0.0-24.gitd1c6db8.el7_9.x86_64.rpm
RedHat	7	ppc64le	python-pillow-debuginfo	< 2.0.0-24.gitd1c6db8.el7_9	python-pillow-debuginfo-2.0.0-24.gitd1c6db8.el7_9.ppc64le.rpm
RedHat	7	ppc	python-pillow-devel	< 2.0.0-24.gitd1c6db8.el7_9	python-pillow-devel-2.0.0-24.gitd1c6db8.el7_9.ppc.rpm
RedHat	7	ppc64	python-pillow-debuginfo	< 2.0.0-24.gitd1c6db8.el7_9	python-pillow-debuginfo-2.0.0-24.gitd1c6db8.el7_9.ppc64.rpm