ALAS2023-2023-453 --- python-pillowID: oval:org.secpod.oval:def:19500524 | Date: (C)2024-01-04 (M)2024-05-09 |
Class: PATCH | Family: unix |
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument
Platform: |
Amazon Linux 2023 |
Product: |
python-pillow |
python3-pillow |