exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2023-44271

Status Candidate

Overview

An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.

Related Files

Debian Security Advisory 5704-1
Posted Jun 6, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5704-1 - Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service or the execution of arbitrary code if malformed images are processed.

tags | advisory, denial of service, arbitrary, python
systems | linux, debian
advisories | CVE-2023-44271, CVE-2023-50447, CVE-2024-28219
SHA-256 | 39d19c693f17390d6a2ae39c504630ddbff9dabe4a9550c53beda72dd79c2817
Red Hat Security Advisory 2024-3005-03
Posted May 23, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3005-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2023-44271
SHA-256 | 9a4d07d9090af2aef0e45cedd203af3f8f4f603ca5d859e6af2f6ed3d71c48fc
Gentoo Linux Security Advisory 202405-12
Posted May 6, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-12 - Multiple vulnerabilities have been discovered in Pillow, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 10.2.0 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-44271, CVE-2023-50447
SHA-256 | 3383dd664c509ffd1c2c81e6191f3909def9ad15643115326144b65d82a168fd
Ubuntu Security Notice USN-6618-1
Posted Jan 31, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6618-1 - It was discovered that Pillow incorrectly handled certain long text arguments. An attacker could possibly use this issue to cause Pillow to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. Duarte Santos discovered that Pillow incorrectly handled the environment parameter to PIL.ImageMath.eval. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-44271, CVE-2023-50447
SHA-256 | 6448149912590caa887d2ebc19423b952b66138a002ef70624bb7db6564df7f6
Red Hat Security Advisory 2024-0345-03
Posted Jan 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0345-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 7.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2023-44271
SHA-256 | 577f221d2e76f426fe238a8135c7fae4c7d1338480e41329e362e8922a5d1576
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close