CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
43.7%
Software: python-pillow 2.0.0-25
OS: rosa-server79
package_evr_string: python-pillow-2.0.0.0-25.gitd1c6db8.res7
CVE-ID: CVE-2023-44271
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A problem has been detected in Pillow. It is a denial of service that uncontrollably allocates memory to process a given task, which can cause a service failure due to lack of memory. This occurs for truetype in ImageFont when the text length in an ImageDraw instance operates on a long text argument.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update python-pillow command
CVE-ID: CVE-2023-50447
BDU-ID: 2024-00775
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the eval() function of the ImageMath module of the ImageMath module of the Pillow image manipulation library involves improper control of code generation when processing the environment parameter. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update python-pillow command.