Lucene search
UbuntuUSN-6618-1HistoryJan 30, 2024 - 12:00 a.m.
Pillow vulnerabilities
2024-01-3000:00:00
ubuntu.com
57
pillow
ubuntu
denial of service
cve-2023-44271
arbitrary code
cve-2023-50447
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.4
Confidence
High
EPSS
0.001
Percentile
43.7%
Releases
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Packages
- pillow - Python Imaging Library
Details
It was discovered that Pillow incorrectly handled certain long text
arguments. An attacker could possibly use this issue to cause Pillow to
consume resources, leading to a denial of service. This issue only affected
Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2023-44271)
Duarte Santos discovered that Pillow incorrectly handled the environment
parameter to PIL.ImageMath.eval. An attacker could possibly use this issue
to execute arbitrary code. (CVE-2023-50447)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.10 | noarch | python3-pil | < 10.0.0-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | python-pil-doc | < 10.0.0-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | python3-pil-dbgsym | < 10.0.0-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | python3-pil.imagetk | < 10.0.0-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | python3-pil.imagetk-dbgsym | < 10.0.0-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python3-pil | < 9.0.1-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python-pil-doc | < 9.0.1-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python3-pil-dbgsym | < 9.0.1-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python3-pil.imagetk | < 9.0.1-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python3-pil.imagetk-dbgsym | < 9.0.1-1ubuntu0.2 | UNKNOWN |
Related
osv
osv
pillow vulnerabilities
2024-01-30 15:17:54
pillow - security update
2024-06-05 00:00:00
Pillow Denial of Service vulnerability
2023-11-03 06:36:30
openvas
openvas
Ubuntu: Security Advisory (USN-6618-1)
2024-01-31 00:00:00
Debian: Security Advisory (DSA-5704-1)
2024-07-01 00:00:00
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1071)
2024-01-09 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2392
2024-04-11 07:13:20
gentoo
gentoo
Pillow: Multiple Vulnerabilities
2024-05-05 00:00:00
nessus
nessus
Oracle Linux 8 : python-pillow (ELSA-2024-3005)
2024-05-28 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Pillow vulnerabilities (USN-6618-1)
2024-01-30 00:00:00
GLSA-202405-12 : Pillow: Multiple Vulnerabilities
2024-05-06 00:00:00
ibm
ibm
Security Bulletin: Pillow versions have a Denial of Service vulnerability due to uncontrolled memory allocation in ImageFont's
2024-08-14 09:50:34
debian
debian
[SECURITY] [DSA 5704-1] pillow security update
2024-06-05 18:59:18
[SECURITY] [DLA 3724-1] pillow security update
2024-01-29 20:03:58
[SECURITY] [DLA 3768-1] pillow security update
2024-03-22 10:00:44
ubuntucve
ubuntucve
CVE-2023-44271
2023-11-03 00:00:00
CVE-2023-50447
2024-01-19 00:00:00
redos
redos
ROS-20240816-05
2024-08-16 00:00:00
ROS-20240411-05
2024-04-11 00:00:00
cve
cve
CVE-2023-44271
2023-11-03 05:15:30
CVE-2023-50447
2024-01-19 20:15:11
debiancve
debiancve
CVE-2023-44271
2023-11-03 05:15:30
CVE-2023-50447
2024-01-19 20:15:11
f5
f5
K000138517 : Python-Pillow vulnerability CVE-2023-44271
2024-02-07 00:00:00
K000138866 : Python Pillow vulnerability CVE-2023-50447
2024-03-09 00:00:00
oraclelinux
oraclelinux
python-pillow security update
2024-01-23 00:00:00
python-pillow security update
2024-05-23 00:00:00
python-pillow security update
2024-02-18 00:00:00
amazon
amazon
Medium: python-pillow
2024-03-27 21:32:00
Important: python-pillow
2024-02-01 19:57:00
fedora
fedora
[SECURITY] Fedora 38 Update: python-pillow-9.5.0-1.fc38
2023-11-12 01:43:47
cvelist
cvelist
CVE-2023-44271
2023-11-03 00:00:00
CVE-2023-50447
2024-01-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-11-06 10:49:50
Arbitrary Code Execution
2024-01-23 09:46:39
redhat
redhat
(RHSA-2024:0345) Moderate: python-pillow security update
2024-01-23 15:58:23
(RHSA-2024:3005) Moderate: python-pillow security update
2024-05-22 06:35:19
(RHSA-2024:1059) Important: python-pillow security update
2024-02-29 17:11:25
almalinux
almalinux
Moderate: python-pillow security update
2024-05-22 00:00:00
Important: python-pillow security update
2024-02-20 00:00:00
centos
centos
python security update
2024-01-26 18:08:27
python security update
2024-02-21 14:47:57
rocky
rocky
python-pillow security update
2024-06-14 13:59:30
github
github
Pillow Denial of Service vulnerability
2023-11-03 06:36:30
Arbitrary Code Execution in Pillow
2024-01-19 21:30:35
redhatcve
redhatcve
CVE-2023-44271
2023-11-03 16:56:36
CVE-2023-50447
2024-01-22 05:30:54
prion
prion
Code injection
2023-11-03 05:15:00
Code injection
2024-01-19 20:15:00
nvd
nvd
CVE-2023-44271
2023-11-03 05:15:30
CVE-2023-50447
2024-01-19 20:15:11
cgr
cgr
CVE-2023-50447 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-50447 vulnerabilities
2024-10-01 21:13:23
mageia
mageia
Updated python-pillow packages fix security vulnerabilities
2024-04-15 21:21:57
Updated python-pillow packages fix a security vulnerability
2024-01-30 23:57:03
alpinelinux
alpinelinux
CVE-2023-50447
2024-01-19 20:15:11
vulnrichment
vulnrichment
CVE-2023-50447
2024-01-19 00:00:00
hp
hp
HP ThinPro 8.0 SP 9 Security Updates
2024-06-17 00:00:00
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.4
Confidence
High
EPSS
0.001
Percentile
43.7%
Related for USN-6618-1