Pillow <10.0.0 - DOS via memory overallocation in ImageFont Truetype
CVE-2023-44271 Published on November 3, 2023

An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.

Vendor Advisory NVD

Products Associated with CVE-2023-44271

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-44271 are published in these products:

Python Pillow

Fedora Project Fedora

Canonical Ubuntu Linux

Exploit Probability

EPSS

0.14%

Percentile

33.51%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Pillow <10.0.0 - DOS via memory overallocation in ImageFont TruetypeCVE-2023-44271 Published on November 3, 2023

Products Associated with CVE-2023-44271

Exploit Probability

Pillow <10.0.0 - DOS via memory overallocation in ImageFont Truetype
CVE-2023-44271 Published on November 3, 2023