INFSA-2024:3005: python-pillow security update
Information about definition
Identifier: INFSA-2024:3005
Type: security
Release date: 2024-08-28 10:29:24 UTC
Information about package
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.
Vulnerabilities description
- CVE-2023-44271
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2023-44271 | no information | 7.5 | no information |
Updated packages