Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2024-2392
HistoryApr 11, 2024 - 7:13 a.m.

Advisory ROSA-SA-2024-2392

2024-04-1107:13:20
ROSA LAB
abf.rosalinux.ru
6
advisory
python-pillow
denial of service
remote code execution
vulnerability
fixed
yum update
rosa-sa-2024-2392

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.7%

JSON

Software: python-pillow 2.0.0-25
OS: rosa-server79

package_evr_string: python-pillow-2.0.0.0-25.gitd1c6db8.res7

CVE-ID: CVE-2023-44271
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A problem has been detected in Pillow. It is a denial of service that uncontrollably allocates memory to process a given task, which can cause a service failure due to lack of memory. This occurs for truetype in ImageFont when the text length in an ImageDraw instance operates on a long text argument.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update python-pillow command

CVE-ID: CVE-2023-50447
BDU-ID: 2024-00775
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the eval() function of the ImageMath module of the ImageMath module of the Pillow image manipulation library involves improper control of code generation when processing the environment parameter. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update python-pillow command.

Related

osv 18
openvas 36
ubuntu 1
gentoo 1
nessus 56
ibm 11
debian 3
ubuntucve 2
redos 2
cve 2
debiancve 2
f5 2
oraclelinux 4
amazon 2
fedora 1
cvelist 2
veracode 2
redhat 10
almalinux 2
centos 2
rocky 1
github 2
redhatcve 2
prion 2
nvd 2
cgr 1
wolfi 1
mageia 2
alpinelinux 1
vulnrichment 1
hp 2
oracle 2
osv
osv
pillow vulnerabilities
2024-01-30 15:17:54
pillow - security update
2024-06-05 00:00:00
Pillow Denial of Service vulnerability
2023-11-03 06:36:30
openvas
openvas
Ubuntu: Security Advisory (USN-6618-1)
2024-01-31 00:00:00
Debian: Security Advisory (DSA-5704-1)
2024-07-01 00:00:00
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1071)
2024-01-09 00:00:00
ubuntu
ubuntu
Pillow vulnerabilities
2024-01-30 00:00:00
gentoo
gentoo
Pillow: Multiple Vulnerabilities
2024-05-05 00:00:00
nessus
nessus
Oracle Linux 8 : python-pillow (ELSA-2024-3005)
2024-05-28 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Pillow vulnerabilities (USN-6618-1)
2024-01-30 00:00:00
GLSA-202405-12 : Pillow: Multiple Vulnerabilities
2024-05-06 00:00:00
ibm
ibm
Security Bulletin: Pillow versions have a Denial of Service vulnerability due to uncontrolled memory allocation in ImageFont's
2024-08-14 09:50:34
Security Bulletin: Pillow-9.3.0-cp37-cp37m-manylinux_2_28_x86_64.whl is vulnerable to CVE-2023-44271 used in IBM Maximo Application Suite - Edge Data Collector
2024-03-05 09:11:04
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Pillow denial of service, vulnerability (CVE-2023-44271)
2024-02-05 19:59:52
debian
debian
[SECURITY] [DSA 5704-1] pillow security update
2024-06-05 18:59:18
[SECURITY] [DLA 3724-1] pillow security update
2024-01-29 20:03:58
[SECURITY] [DLA 3768-1] pillow security update
2024-03-22 10:00:44
ubuntucve
ubuntucve
CVE-2023-44271
2023-11-03 00:00:00
CVE-2023-50447
2024-01-19 00:00:00
redos
redos
ROS-20240816-05
2024-08-16 00:00:00
ROS-20240411-05
2024-04-11 00:00:00
cve
cve
CVE-2023-44271
2023-11-03 05:15:30
CVE-2023-50447
2024-01-19 20:15:11
debiancve
debiancve
CVE-2023-44271
2023-11-03 05:15:30
CVE-2023-50447
2024-01-19 20:15:11
f5
f5
K000138517 : Python-Pillow vulnerability CVE-2023-44271
2024-02-07 00:00:00
K000138866 : Python Pillow vulnerability CVE-2023-50447
2024-03-09 00:00:00
oraclelinux
oraclelinux
python-pillow security update
2024-01-23 00:00:00
python-pillow security update
2024-05-23 00:00:00
python-pillow security update
2024-02-18 00:00:00
amazon
amazon
Medium: python-pillow
2024-03-27 21:32:00
Important: python-pillow
2024-02-01 19:57:00
fedora
fedora
[SECURITY] Fedora 38 Update: python-pillow-9.5.0-1.fc38
2023-11-12 01:43:47
cvelist
cvelist
CVE-2023-44271
2023-11-03 00:00:00
CVE-2023-50447
2024-01-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-11-06 10:49:50
Arbitrary Code Execution
2024-01-23 09:46:39
redhat
redhat
(RHSA-2024:0345) Moderate: python-pillow security update
2024-01-23 15:58:23
(RHSA-2024:3005) Moderate: python-pillow security update
2024-05-22 06:35:19
(RHSA-2024:1059) Important: python-pillow security update
2024-02-29 17:11:25
almalinux
almalinux
Moderate: python-pillow security update
2024-05-22 00:00:00
Important: python-pillow security update
2024-02-20 00:00:00
centos
centos
python security update
2024-01-26 18:08:27
python security update
2024-02-21 14:47:57
rocky
rocky
python-pillow security update
2024-06-14 13:59:30
github
github
Pillow Denial of Service vulnerability
2023-11-03 06:36:30
Arbitrary Code Execution in Pillow
2024-01-19 21:30:35
redhatcve
redhatcve
CVE-2023-44271
2023-11-03 16:56:36
CVE-2023-50447
2024-01-22 05:30:54
prion
prion
Code injection
2023-11-03 05:15:00
Code injection
2024-01-19 20:15:00
nvd
nvd
CVE-2023-44271
2023-11-03 05:15:30
CVE-2023-50447
2024-01-19 20:15:11
cgr
cgr
CVE-2023-50447 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-50447 vulnerabilities
2024-10-01 21:13:23
mageia
mageia
Updated python-pillow packages fix security vulnerabilities
2024-04-15 21:21:57
Updated python-pillow packages fix a security vulnerability
2024-01-30 23:57:03
alpinelinux
alpinelinux
CVE-2023-50447
2024-01-19 20:15:11
vulnrichment
vulnrichment
CVE-2023-50447
2024-01-19 00:00:00
hp
hp
HP ThinPro 8.0 SP 9 Security Updates
2024-06-17 00:00:00
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.7%

JSON
Related for ROSA-SA-2024-2392
osv18openvas36ubuntu1gentoo1nessus56ibm11debian3ubuntucve2redos2cve2debiancve2f52oraclelinux4amazon2fedora1cvelist2veracode2redhat10almalinux2centos2rocky1github2redhatcve2prion2nvd2cgr1wolfi1mageia2alpinelinux1vulnrichment1hp2oracle2