Hugovk

**Name of the Vulnerable Software and Affected Versions** Pillow versions prior to 10.0.0 **Description** The issue is related to a Denial of Service in Pillow, where the `truetype` function in `ImageFont` uncontrollably allocates memory when processing a long text argument in an `ImageDraw` instance. This can cause a service to crash due to memory exhaustion. The vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Pillow versions prior to 10.0.0, update to version 10.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the length of text arguments passed to the `textlength` function in `ImageDraw` instances to prevent excessive memory allocation.

**Name of the Vulnerable Software and Affected Versions** Pillow versions 9.2.0 through 9.2.x and prior to 9.3.0 can be simplified to: Pillow versions 9.2.0 through 9.3.0, but since 9.3.0 is the fixed version, the correct representation is: Pillow versions prior to 9.3.0 **Description** The issue is related to the Pillow library's handling of image decoding, specifically in the TiffImagePlugin.py module. A large value in the `SAMPLESPERPIXEL` tag can lead to a denial of service attack, causing memory and runtime exhaustion when setting up the context for image decoding. **Recommendations** For Pillow versions prior to 9.3.0, update to version 9.3.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `TiffImagePlugin.py` module or limiting the value of the `SAMPLESPERPIXEL` tag to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Pillow versions prior to 7.1.0 Pillow versions 7.x prior to 7.0.1 Pillow version 6.2.3 and earlier **Description** The issue involves two Buffer Overflows in libImaging/TiffDecode.c. This affects Pillow, where the buffer overflows can occur due to improper handling in the TiffDecode.c file within the libImaging module. **Recommendations** For Pillow versions prior to 7.1.0, update to version 7.1.0 or later. For Pillow versions 7.x prior to 7.0.1, update to version 7.0.1 or later. For Pillow version 6.2.3 and earlier, update to a version later than 6.2.3. As a temporary workaround, consider restricting access to the `libImaging/TiffDecode.c` module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Pillow versions prior to 7.1.0 **Description** The issue is related to multiple out-of-bounds reads that can occur via a crafted JP2 file in the libImaging/Jpeg2KDecode.c module. **Recommendations** For Pillow versions prior to 7.1.0, update to version 7.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pillow versions prior to 7.0.1 **Description** The issue exists in the parsing of SGI image files, where a number of out-of-bounds reads are present in the libImaging/SgiRleDecode.c module. **Recommendations** For versions prior to 7.0.1, update to version 7.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pillow versions prior to 7.1.0 Pillow versions 7.x prior to 7.0.1 Pillow version 6.2.2 and earlier **Description** The issue is related to multiple out-of-bounds reads in the libImaging/FliDecode.c library. This could allow a remote attacker to access confidential data. **Recommendations** For Pillow versions prior to 7.1.0, update to version 7.1.0 or later. For Pillow versions 7.x prior to 7.0.1, update to version 7.0.1 or later. For Pillow version 6.2.2 and earlier, update to version 6.2.3 or later.