ROSA LABROSA-SA-2024-2392Advisory ROSA-SA-2024-2392
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
31.3%
Software: python-pillow 2.0.0-25
OS: rosa-server79
package_evr_string: python-pillow-2.0.0.0-25.gitd1c6db8.res7
CVE-ID: CVE-2023-44271
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A problem has been detected in Pillow. It is a denial of service that uncontrollably allocates memory to process a given task, which can cause a service failure due to lack of memory. This occurs for truetype in ImageFont when the text length in an ImageDraw instance operates on a long text argument.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update python-pillow command
CVE-ID: CVE-2023-50447
BDU-ID: 2024-00775
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the eval() function of the ImageMath module of the ImageMath module of the Pillow image manipulation library involves improper control of code generation when processing the environment parameter. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update python-pillow command.
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
31.3%