{
  "threat_severity" : "Moderate",
  "public_date" : "2023-06-30T00:00:00Z",
  "bugzilla" : {
    "description" : "python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument",
    "id" : "2247820",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2247820"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.", "A flaw was found in Pillow. A denial of service issue uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for TrueType in ImageFont when textlength in an ImageDraw instance operates on a long text argument." ],
  "statement" : "This security vulnerability is categorized as having a moderate impact because it only results in increased memory consumption when exceptionally long strings are used as text input.",
  "affected_release" : [ {
    "product_name" : "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
    "release_date" : "2024-02-29T00:00:00Z",
    "advisory" : "RHSA-2024:1057",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
    "package" : "python3x-pillow-0:10.0.1-1.el8ap"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
    "release_date" : "2024-02-29T00:00:00Z",
    "advisory" : "RHSA-2024:1057",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
    "package" : "python-pillow-0:10.0.1-1.el9ap"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2024-01-23T00:00:00Z",
    "advisory" : "RHSA-2024:0345",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "python-pillow-0:2.0.0-24.gitd1c6db8.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3005",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "python-pillow-0:5.1.1-20.el8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-44271\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-44271\nhttps://devhub.checkmarx.com/cve-details/CVE-2023-44271/\nhttps://github.com/python-pillow/Pillow/pull/7244" ],
  "name" : "CVE-2023-44271",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}