14 lines
1.2 KiB
JSON
14 lines
1.2 KiB
JSON
{
|
|
"id": "openEuler-SA-2023-1856",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1856",
|
|
"title": "An update for python-pillow is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
|
|
"severity": "Important",
|
|
"description": "Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging \\ Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. %package -n python3-pillow Summary: Python 3 image processing library Provides: python3-imaging = -\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.(CVE-2023-44271)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2023-44271",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44271",
|
|
"severity": "Important"
|
|
}
|
|
]
|
|
} |