Описание
Security update for python-Pillow
This update for python-Pillow fixes the following issues:
- CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894).
Список пакетов
openSUSE Leap 15.4
python3-Pillow-7.2.0-150300.3.3.1
python3-Pillow-tk-7.2.0-150300.3.3.1
openSUSE Leap 15.5
python3-Pillow-7.2.0-150300.3.3.1
python3-Pillow-tk-7.2.0-150300.3.3.1
Ссылки
- Link for SUSE-SU-2023:4465-1
- E-Mail link for SUSE-SU-2023:4465-1
- SUSE Security Ratings
- SUSE Bug 1216894
- SUSE CVE CVE-2023-44271 page
Описание
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
Затронутые продукты
openSUSE Leap 15.4:python3-Pillow-7.2.0-150300.3.3.1
openSUSE Leap 15.4:python3-Pillow-tk-7.2.0-150300.3.3.1
openSUSE Leap 15.5:python3-Pillow-7.2.0-150300.3.3.1
openSUSE Leap 15.5:python3-Pillow-tk-7.2.0-150300.3.3.1
Ссылки
- CVE-2023-44271
- SUSE Bug 1216894