| Package | Installed | Affected | Info |
|---|---|---|---|
| pillow | 9.5.0 | <12.2.0 | Affected versions of the pillow package are vulnerable to Integer Overflow due to unchecked accumulation of glyph advance values while tracking the current rendering position during font processing. When a font supplies an excessively large advance for each glyph, the running position counter wraps around because the arithmetic is performed in a fixed-width integer type that cannot represent the resulting magnitude. A remote attacker who can supply a crafted font file to a target that uses Pillow's font rendering can trigger the overflow, leading to incorrect memory calculations and potential memory corruption. |
| pillow | 9.5.0 | >=4.2.0,<12.2.0 | Affected versions of the pillow package are vulnerable to Denial of Service due to an unbounded loop when traversing PDF cross-reference trailer chains without cycle detection. The PdfParser module follows Prev pointers in PDF trailers to read cross-reference sections, but it does not track previously processed offsets, so a trailer whose Prev pointer references its own offset or forms a longer cycle causes the parser to loop indefinitely. A remote attacker who supplies a crafted PDF document can cause the parsing process to hang, consuming 100% CPU and rendering the consuming application unresponsive. |
| pillow | 9.5.0 | <10.0.0 | Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
| pillow | 9.5.0 | <10.3.0 | Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
| pillow | 9.5.0 | >=2.5.0,<10.0.1 | Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
| pillow | 9.5.0 | <10.2.0 | Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
| pillow | 9.5.0 | <10.2.0 | Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |