{
  "id": "CVE-2023-44271",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-11-03T05:15:30.137",
  "lastModified": "2023-11-03T05:15:30.137",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://devhub.checkmarx.com/cve-details/CVE-2023-44271/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/python-pillow/Pillow/pull/7244",
      "source": "cve@mitre.org"
    }
  ]
}