Bugzilla – Bug 1216894
VUL-0: CVE-2023-44271: python-Pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument
Last modified: 2023-12-01 16:36:12 UTC
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44271
This is an autogenerated message for OBS integration: This bug (1216894) was mentioned in https://build.opensuse.org/request/show/1125429 Factory / python-Pillow
SUSE-SU-2023:4465-1: An update that solves one vulnerability can now be installed.
Category: security (important)
Bug References: 1216894
CVE References: CVE-2023-44271
Sources used:
- openSUSE Leap 15.5 (src): python-Pillow-7.2.0-150300.3.3.1
- openSUSE Leap 15.3 (src): python-Pillow-7.2.0-150300.3.3.1
- openSUSE Leap 15.4 (src): python-Pillow-7.2.0-150300.3.3.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4528-1: An update that solves one vulnerability can now be installed.
Category: security (important)
Bug References: 1216894
CVE References: CVE-2023-44271
Sources used:
- openSUSE Leap 15.4 (src): python-Pillow-9.5.0-150400.5.6.1
- openSUSE Leap 15.5 (src): python-Pillow-9.5.0-150400.5.6.1
- Python 3 Module 15-SP4 (src): python-Pillow-9.5.0-150400.5.6.1
- Python 3 Module 15-SP5 (src): python-Pillow-9.5.0-150400.5.6.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4631-1: An update that solves one vulnerability can now be installed.
Category: security (important)
Bug References: 1216894
CVE References: CVE-2023-44271
Sources used:
- SUSE OpenStack Cloud Crowbar 8 (src): python-Pillow-4.2.1-3.23.2
- HPE Helion OpenStack 8 (src): python-Pillow-4.2.1-3.23.2
- SUSE OpenStack Cloud 8 (src): python-Pillow-4.2.1-3.23.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4630-1: An update that solves one vulnerability can now be installed.
Category: security (important)
Bug References: 1216894
CVE References: CVE-2023-44271
Sources used:
- SUSE OpenStack Cloud 9 (src): python-Pillow-5.2.0-3.20.1
- SUSE OpenStack Cloud Crowbar 9 (src): python-Pillow-5.2.0-3.20.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.