20 matches found
Astra Linux - vulnerability in pillow
An issue was discovered in Pillow prior to version 10.0.0. It is a denial-of-service attack where memory is uncontrollably allocated to processing a given task, potentially causing a service to crash due to running out of memory. This occurs for truetype in ImageFont when textlength in an ImageDra...
MiracleLinux 8 : python-pillow-5.1.1-20.el8 (AXSA:2024-8290:04)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8290:04 advisory. python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument CVE-2023-44271 Tenable has extract...
MiracleLinux 7 : python-pillow-2.0.0-24.gitd1c6db8.el7 (AXSA:2024-7452:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7452:01 advisory. python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument CVE-2023-44271 Tenable has extract...
CVE-2025-25062
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an...
CVE-2025-25062
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an...
CVE-2025-25062
CVE-2025-25062 is an XSS vulnerability in Backdrop CMS (CKEditor 5 module) affecting 1.28.x prior to 1.28.5 and 1.29.x prior to 1.29.3. The issue arises from insufficient isolation of long text content, enabling crafted HTML/JS to execute when an administrator edits content. Exploitation prospect...
python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument
A flaw was found in Pillow. A denial of service issue uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for TrueType in ImageFont when text length in an ImageDraw instance operates on a long text argument...
Medium: python-pillow
Issue Overview: An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw...
python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument
A flaw was found in Pillow. A denial of service issue uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for TrueType in ImageFont when text length in an ImageDraw instance operates on a long text argument...
python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument
A flaw was found in Pillow. A denial of service issue uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for TrueType in ImageFont when text length in an ImageDraw instance operates on a long text argument...
Medium: python-pillow
Issue Overview: An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw...
SUSE CVE-2023-44271
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates o...
CVE-2023-44271
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates o...
CVE-2023-44271
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates o...
CVE-2023-44271
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates o...
PT-2023-9330 · Pillow +9
Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 10.0.0 Description: The issue is related to a Denial of Service in Pillow, where the truetype function in ImageFont uncontrollably allocates memory when processing a long text argument in an ImageDraw instance. This c...
SUSE CVE-2011-0058
Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run...
Buffer overflow
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long text1 parameter...
security flaw
Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line...
CVE-2005-1776
Buffer overflow in the READTCPSTRING function in gamemessagefunctions.cpp in the network plugin for C'Nedra 0.4.0 and earlier allows remote attackers to execute arbitrary code via a long text string...