Advisories » MGASA-2024-0133

Updated python-pillow packages fix security vulnerabilities

Publication date: 15 Apr 2024
Modification date: 15 Apr 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-44271, CVE-2024-28219

Description

CVE-2023-44271: Denial of service through uncontrolled memory allocation
while processing a given task, potentially causing a service to crash by
running out of memory. This occurs for truetype in ImageFont when
textlength in an ImageDraw instance operates on a long text argument.

CVE-2024-28219: A buffer overflow exists because strcpy is used instead
of strncpy.
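
Added example, not part of the advisory or of Pillow's code: a caller-side guard for the CVE-2023-44271 condition that refuses over-long text before it reaches ImageDraw.textlength, and reports whether the installed ImageFont module carries upstream Pillow's MAX_STRING_LENGTH limit. The names APP_MAX_TEXT_CHARS, library_text_limit, effective_limit and bounded_textlength and the 10,000-character cap are assumptions; whether the Mageia package exposes MAX_STRING_LENGTH is not stated here, so the code checks for it.

```python
import importlib

# Assumption: application-chosen cap on characters accepted for measurement.
APP_MAX_TEXT_CHARS = 10_000


def library_text_limit(image_font_module):
    """Return (present, limit) for the module's MAX_STRING_LENGTH guard.

    present is False when the attribute is missing, i.e. the installed
    build has no library-side limit. limit None means the limit is disabled.
    """
    if not hasattr(image_font_module, "MAX_STRING_LENGTH"):
        return (False, None)
    return (True, image_font_module.MAX_STRING_LENGTH)


def effective_limit(image_font_module, app_limit=APP_MAX_TEXT_CHARS):
    """Smallest limit in force: the application cap, tightened by the library's."""
    present, lib_limit = library_text_limit(image_font_module)
    if present and lib_limit is not None:
        return min(app_limit, lib_limit)
    return app_limit


def bounded_textlength(draw, text, font, image_font_module,
                       app_limit=APP_MAX_TEXT_CHARS):
    """Reject over-long text before any layout work, then measure it."""
    limit = effective_limit(image_font_module, app_limit)
    if len(text) > limit:
        raise ValueError(f"text has {len(text)} characters, limit is {limit}")
    return draw.textlength(text, font=font)


if __name__ == "__main__":
    try:
        image_font = importlib.import_module("PIL.ImageFont")
    except ImportError:
        print("Pillow is not installed")
    else:
        present, limit = library_text_limit(image_font)
        print("library guard present:", present, "limit:", limit)
        print("effective limit:", effective_limit(image_font))
```

Because a distribution may backport the fix without changing the package version, the attribute check is a more direct signal than comparing version strings.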
                

References

SRPMS

9/core