ALAS2023-2023-453 --- python-pillow| ID: oval:org.secpod.oval:def:19500524 | Date: (C)2024-01-04 (M)2024-05-09 |
| Class: PATCH | Family: unix |
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument
| Platform: |
| Amazon Linux 2023 |
| Product: |
| python-pillow |
| python3-pillow |
