Lucene search
UbuntuUSN-6618-1HistoryJan 30, 2024 - 12:00 a.m.
Pillow vulnerabilities
2024-01-3000:00:00
ubuntu.com
13
pillow
ubuntu
denial of service
cve-2023-44271
arbitrary code
cve-2023-50447
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.0%
Releases
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Packages
- pillow - Python Imaging Library
Details
It was discovered that Pillow incorrectly handled certain long text
arguments. An attacker could possibly use this issue to cause Pillow to
consume resources, leading to a denial of service. This issue only affected
Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2023-44271)
Duarte Santos discovered that Pillow incorrectly handled the environment
parameter to PIL.ImageMath.eval. An attacker could possibly use this issue
to execute arbitrary code. (CVE-2023-50447)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.10 | noarch | python3-pil | < 10.0.0-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | python-pil-doc | < 10.0.0-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | python3-pil-dbgsym | < 10.0.0-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | python3-pil.imagetk | < 10.0.0-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | python3-pil.imagetk-dbgsym | < 10.0.0-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python3-pil | < 9.0.1-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python-pil-doc | < 9.0.1-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python3-pil-dbgsym | < 9.0.1-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python3-pil.imagetk | < 9.0.1-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python3-pil.imagetk-dbgsym | < 9.0.1-1ubuntu0.2 | UNKNOWN |
Related
nessus
nessus
Oracle Linux 8 : python-pillow (ELSA-2024-3005)
2024-05-28 00:00:00
GLSA-202405-12 : Pillow: Multiple Vulnerabilities
2024-05-06 00:00:00
Debian dsa-5704 : python-pil-doc - security update
2024-06-05 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2392
2024-04-11 07:13:20
gentoo
gentoo
Pillow: Multiple Vulnerabilities
2024-05-05 00:00:00
osv
osv
pillow vulnerabilities
2024-01-30 15:17:54
pillow - security update
2024-06-05 00:00:00
BIT-pillow-2023-44271
2024-03-06 11:01:40
openvas
openvas
Ubuntu: Security Advisory (USN-6618-1)
2024-01-31 00:00:00
Debian: Security Advisory (DSA-5704-1)
2024-07-01 00:00:00
CentOS: Security Advisory for python-pillow (CESA-2024:0857)
2024-03-05 00:00:00
debian
debian
[SECURITY] [DSA 5704-1] pillow security update
2024-06-05 18:59:18
[SECURITY] [DLA 3724-1] pillow security update
2024-01-29 20:03:58
[SECURITY] [DLA 3768-1] pillow security update
2024-03-22 10:00:44
f5
f5
K000138517 : Python-Pillow vulnerability CVE-2023-44271
2024-02-07 00:00:00
K000138866 : Python Pillow vulnerability CVE-2023-50447
2024-03-09 00:00:00
debiancve
debiancve
CVE-2023-44271
2023-11-03 05:15:30
CVE-2023-50447
2024-01-19 20:15:11
oraclelinux
oraclelinux
python-pillow security update
2024-01-23 00:00:00
python-pillow security update
2024-02-20 00:00:00
python-pillow security update
2024-02-18 00:00:00
redhat
redhat
(RHSA-2024:1059) Important: python-pillow security update
2024-02-29 17:11:25
(RHSA-2024:0754) Important: python-pillow security update
2024-02-08 17:23:24
(RHSA-2024:0857) Important: python-pillow security update
2024-02-19 00:59:20
ubuntucve
ubuntucve
CVE-2023-44271
2023-11-03 00:00:00
CVE-2023-50447
2024-01-19 00:00:00
cve
cve
CVE-2023-44271
2023-11-03 05:15:30
CVE-2023-50447
2024-01-19 20:15:11
nvd
nvd
CVE-2023-44271
2023-11-03 05:15:30
CVE-2023-50447
2024-01-19 20:15:11
prion
prion
Code injection
2023-11-03 05:15:00
Code injection
2024-01-19 20:15:00
ibm
ibm
Security Bulletin: Pillow-9.3.0-cp37-cp37m-manylinux_2_28_x86_64.whl is vulnerable to CVE-2023-44271 used in IBM Maximo Application Suite - Edge Data Collector
2024-03-05 09:15:22
amazon
amazon
Medium: python-pillow
2024-03-27 21:32:00
Important: python-pillow
2024-02-01 19:57:00
fedora
fedora
[SECURITY] Fedora 38 Update: python-pillow-9.5.0-1.fc38
2023-11-12 01:43:47
veracode
veracode
Denial Of Service (DoS)
2023-11-06 10:49:50
Arbitrary Code Execution
2024-01-23 09:46:39
cvelist
cvelist
CVE-2023-44271
2023-11-03 00:00:00
CVE-2023-50447
2024-01-19 00:00:00
redhatcve
redhatcve
CVE-2023-50447
2024-01-22 05:30:54
CVE-2023-44271
2023-11-03 16:56:36
github
github
Pillow Denial of Service vulnerability
2023-11-03 06:36:30
Arbitrary Code Execution in Pillow
2024-01-19 21:30:35
centos
centos
python security update
2024-01-26 18:08:27
python security update
2024-02-21 14:47:57
rocky
rocky
python-pillow security update
2024-06-14 13:59:30
almalinux
almalinux
Moderate: python-pillow security update
2024-05-22 00:00:00
Important: python-pillow security update
2024-02-20 00:00:00
cgr
cgr
CVE-2023-50447 vulnerabilities
2024-05-19 03:07:16
redos
redos
ROS-20240411-05
2024-04-11 00:00:00
wolfi
wolfi
CVE-2023-50447 vulnerabilities
2024-07-05 21:08:40
alpinelinux
alpinelinux
CVE-2023-50447
2024-01-19 20:15:11
mageia
mageia
Updated python-pillow packages fix security vulnerabilities
2024-04-15 21:21:57
Updated python-pillow packages fix a security vulnerability
2024-01-30 23:57:03
hp
hp
HP ThinPro 8.0 SP 9 Security Updates
2024-06-17 00:00:00
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.0%
Related for USN-6618-1