750 matches found
MGASA-2024-0133 Updated python-pillow packages fix security vulnerabilities
CVE-2023-44271 Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. CVE-2024-28219 A...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Pillow (SUSE-SU-2024:1258-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1258-1 advisory. - In imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of...
SUSE-SU-2024:1268-1 Security update for python-Pillow
This update for python-Pillow fixes the following issues: - CVE-2024-28219: Fixed buffer overflow in imagingcms.c bsc1222262...
SUSE-SU-2024:1267-1 Security update for python-Pillow
This update for python-Pillow fixes the following issues: - CVE-2024-28219: Fixed buffer overflow in imagingcms.c bsc1222262...
SUSE-SU-2024:1258-1 Security update for python-Pillow
This update for python-Pillow fixes the following issues: - CVE-2024-28219: Fixed buffer overflow in imagingcms.c bsc1222262 Other fixes: - Re-enabled build tests for s390x and ppc bsc1222553...
OESA-2024-1451 python-pillow security update
Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. %package -n python3-pillow Summary: Python 3 image processing library Provides: python3-imaging = -...
Advisory ROSA-SA-2024-2392
Software: python-pillow 2.0.0-25 OS: rosa-server79 packageevrstring: python-pillow-2.0.0.0-25.gitd1c6db8.res7 CVE-ID: CVE-2023-44271 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem has been detected in Pillow. It is a denial of service that uncontrollably allocates memory to process a given task...
[SECURITY] Fedora 39 Update: python-pillow-10.3.0-1.fc39
Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...
Fedora 39 : python-pillow (2024-e4b1b4eab1)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-e4b1b4eab1 advisory. Update to 10.3.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
openSUSE 15 Security Update : python-Pillow (SUSE-SU-2024:1154-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1154-1 advisory. - In imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. CVE-2024-28219 Note that Nessus has not tested...
SUSE-SU-2024:1154-1 Security update for python-Pillow
This update for python-Pillow fixes the following issues: - CVE-2024-28219: Fixed buffer overflow in imagingcms.c bsc1222262...
EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2024-1495)
According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than...
EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2024-1516)
According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1516)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1495)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Medium: python-pillow
Issue Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when using arbitrary strings as text input and the number of characters passed into PIL.ImageFont.ImageFont.getmask is over a certain limit. This can lead to a system crash. Affected versions of this package...
Medium: python-pillow
Issue Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when using arbitrary strings as text input and the number of characters passed into PIL.ImageFont.ImageFont.getmask is over a certain limit. This can lead to a system crash. Affected versions of this package...
Amazon Linux 2 : python-pillow (ALAS-2024-2508)
The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2508 advisory. An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory t...
Medium: python-pillow
Issue Overview: An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw...
EulerOS Virtualization 2.11.0 : python-pillow (EulerOS-SA-2024-1448)
According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process ...