rpm package
suse/python-Pillow&distro=SUSE Linux Enterprise Module for Python 3 15 SP5
pkg:rpm/suse/python-Pillow&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP5
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-28219 | — | < 9.5.0-150400.5.15.1 | 9.5.0-150400.5.15.1 | Apr 3, 2024 | In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. | ||
| CVE-2023-50447 | — | < 9.5.0-150400.5.9.1 | 9.5.0-150400.5.9.1 | Jan 19, 2024 | Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). | ||
| CVE-2023-44271 | — | < 9.5.0-150400.5.6.1 | 9.5.0-150400.5.6.1 | Nov 3, 2023 | An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw in |
- CVE-2024-28219Apr 3, 2024affected < 9.5.0-150400.5.15.1fixed 9.5.0-150400.5.15.1
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
- CVE-2023-50447Jan 19, 2024affected < 9.5.0-150400.5.9.1fixed 9.5.0-150400.5.9.1
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
- CVE-2023-44271Nov 3, 2023affected < 9.5.0-150400.5.6.1fixed 9.5.0-150400.5.6.1
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw in