Search for packages
Package details: pkg:deb/debian/pillow@9.4.0-1.1
purl pkg:deb/debian/pillow@9.4.0-1.1
Tags Ghost
Next non-vulnerable version 9.4.0-1.1+deb12u1
Latest non-vulnerable version 9.4.0-1.1+deb12u1
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-vyep-db8n-aaar
Aliases:
BIT-pillow-2023-44271
CVE-2023-44271
GHSA-8ghj-p4vj-mr35
PYSEC-2023-227
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
10.0.0-1
Affected by 0 other vulnerabilities.
10.1.0-1
Affected by 0 other vulnerabilities.
10.3.0-2
Affected by 0 other vulnerabilities.
VCID-ydt8-c1kr-aaak
Aliases:
CVE-2023-50447
GHSA-3f63-hfp8-52jq
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
10.3.0-2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2024-05-20T15:07:32.589615+00:00 Debian Importer Affected by VCID-ydt8-c1kr-aaak https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-26T05:20:52.474085+00:00 Debian Importer Affected by VCID-vyep-db8n-aaar None 34.0.0rc4
2024-04-26T05:20:49.016795+00:00 Debian Importer Affected by VCID-vyep-db8n-aaar https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-25T21:40:39.752369+00:00 Debian Importer Fixing VCID-rhnd-s6hv-aaar https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-25T21:40:38.189820+00:00 Debian Importer Fixing VCID-rhnd-s6hv-aaar None 34.0.0rc4
2024-04-25T12:36:54.827154+00:00 Debian Importer Fixing VCID-frct-6cfh-aaae https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-25T12:36:53.278258+00:00 Debian Importer Fixing VCID-frct-6cfh-aaae None 34.0.0rc4
2024-04-24T21:47:20.931764+00:00 Debian Importer Fixing VCID-bnjc-ytj1-aaaq https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-24T21:47:20.175227+00:00 Debian Importer Fixing VCID-bnjc-ytj1-aaaq None 34.0.0rc4
2024-01-12T07:53:09.608818+00:00 Debian Importer Fixing VCID-rhnd-s6hv-aaar https://security-tracker.debian.org/tracker/data/json 34.0.0rc2
2024-01-12T07:53:07.993168+00:00 Debian Importer Fixing VCID-rhnd-s6hv-aaar None 34.0.0rc2
2024-01-11T14:29:30.768370+00:00 Debian Importer Fixing VCID-frct-6cfh-aaae https://security-tracker.debian.org/tracker/data/json 34.0.0rc2
2024-01-11T14:29:27.688077+00:00 Debian Importer Fixing VCID-frct-6cfh-aaae None 34.0.0rc2
2024-01-10T22:41:25.253485+00:00 Debian Importer Fixing VCID-bnjc-ytj1-aaaq https://security-tracker.debian.org/tracker/data/json 34.0.0rc2
2024-01-10T22:41:24.473092+00:00 Debian Importer Fixing VCID-bnjc-ytj1-aaaq None 34.0.0rc2
2024-01-05T09:51:42.926963+00:00 Debian Importer Affected by VCID-vyep-db8n-aaar https://security-tracker.debian.org/tracker/data/json 34.0.0rc1
2024-01-05T09:51:42.074101+00:00 Debian Importer Affected by VCID-vyep-db8n-aaar None 34.0.0rc1
2024-01-05T05:49:03.083109+00:00 Debian Importer Fixing VCID-rhnd-s6hv-aaar https://security-tracker.debian.org/tracker/data/json 34.0.0rc1
2024-01-05T05:49:01.497230+00:00 Debian Importer Fixing VCID-rhnd-s6hv-aaar None 34.0.0rc1
2024-01-05T00:00:37.684642+00:00 Debian Importer Fixing VCID-frct-6cfh-aaae https://security-tracker.debian.org/tracker/data/json 34.0.0rc1
2024-01-05T00:00:34.313583+00:00 Debian Importer Fixing VCID-frct-6cfh-aaae None 34.0.0rc1
2024-01-04T11:51:54.549836+00:00 Debian Importer Fixing VCID-bnjc-ytj1-aaaq https://security-tracker.debian.org/tracker/data/json 34.0.0rc1
2024-01-04T11:51:53.725286+00:00 Debian Importer Fixing VCID-bnjc-ytj1-aaaq None 34.0.0rc1