CVE-2023-44271 (https://github.com/python-pillow/Pillow/pull/7244): An issue was discovered in Pillow before 10.0.0. It is a denial of service: memory is allocated without bound while a request is processed, so a service can be crashed by exhausting its memory. The trigger is a TrueType font loaded through ImageFont.truetype being used by ImageDraw.textlength on a very long text argument; the cost grows with the length of the text, which is attacker-controlled wherever user input reaches that call. Patch: https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 (first shipped in 10.0.0).
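Two checks a practitioner wants here: whether an installed Pillow falls in the affected range, and a caller-side cap on the text handed to ImageDraw.textlength so a remote user cannot force the allocation on unpatched hosts. The block below is an added example, not Pillow's own code: the version comparison against 10.0.0 follows from the advisory, and bounded_textlength mirrors the shape of the upstream fix (PR #7244 introduced a module-level ImageFont.MAX_STRING_LENGTH and raises ValueError past it), but the limit value of 1_000_000, the measurer injection and the _fake_measure stand-in are assumptions made so the example runs offline without Pillow or a font file.

```python
"""Worked example for CVE-2023-44271: bound text length before Pillow measures it.

Added example, not Pillow code. It shows two practitioner checks:
  1. is_vulnerable(): does a Pillow version fall in the affected range
     (anything before 10.0.0)?
  2. bounded_textlength(): a caller-side cap on the text handed to
     ImageDraw.textlength(), mirroring the shape of the upstream fix (a
     ValueError once the string exceeds a module-level limit).
Pillow is optional here so the module runs offline; the measurer is
injected so the guard can be exercised without a .ttf file.
"""
from __future__ import annotations

import re
from typing import Callable

FIXED_VERSION = (10, 0, 0)  # first release carrying the fix from PR #7244

# Limit enforced by the guard below. 1_000_000 is the cap chosen for this
# example (an assumption for illustration); Pillow 10 exposes its own value
# as ImageFont.MAX_STRING_LENGTH, which you should read from your install.
MAX_STRING_LENGTH = 1_000_000


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '9.5.0' into (9, 5, 0): leading numeric components only.
    Any non-numeric suffix ends parsing, so pre-release tags are not
    distinguished from the release they precede."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the given Pillow version predates the fix in 10.0.0."""
    return parse_version(version) < FIXED_VERSION


def installed_pillow_version() -> str | None:
    """Version of the Pillow installed here, or None when it is absent."""
    try:
        import PIL  # optional dependency for this example
    except ImportError:
        return None
    return PIL.__version__


def bounded_textlength(
    text: str,
    measure: Callable[[str], float],
    max_chars: int = MAX_STRING_LENGTH,
) -> float:
    """Measure `text` with `measure` only after capping its length.

    `measure` is whatever produces the width, e.g.
        functools.partial(ImageDraw.Draw(img).textlength, font=font)
    with `font = ImageFont.truetype(path, size)`. Rejecting oversized input
    *before* the call is what keeps a remote caller from forcing the
    allocation the CVE describes, on patched and unpatched Pillow alike.
    """
    if len(text) > max_chars:
        raise ValueError("too many characters in string")
    return measure(text)


# Constructed stand-in for a font measurer: 7 px per character. It lets the
# guard be demonstrated here without Pillow or a font file.
def _fake_measure(text: str) -> float:
    return 7.0 * len(text)


if __name__ == "__main__":
    ver = installed_pillow_version()
    if ver is None:
        print("Pillow not installed; skipping version check")
    else:
        print(f"Pillow {ver}: {'AFFECTED' if is_vulnerable(ver) else 'fixed'}")
    print(bounded_textlength("hello", _fake_measure))
    try:
        bounded_textlength("A" * (MAX_STRING_LENGTH + 1), _fake_measure)
    except ValueError as exc:
        print(f"rejected: {exc}")
```

Keep the guard even after upgrading: a library-level limit stops the worst case, but the right ceiling for a web service that renders user text is usually far below a million characters, and enforcing it at the request boundary gives you a log line and a clean 4xx instead of an exception deep in the rendering path.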
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=816096872d7a07e6233fbe06019e8382ea181358

commit 816096872d7a07e6233fbe06019e8382ea181358
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-05 07:36:46 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-05 07:37:30 +0000

    [ GLSA 202405-12 ] Pillow: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/889594
    Bug: https://bugs.gentoo.org/903664
    Bug: https://bugs.gentoo.org/916907
    Bug: https://bugs.gentoo.org/922577
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-12.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)