Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()`
Vulnerability Description
Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving. This issue is fixed in version 12.3.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未经控制的内存分配
Vulnerability Title
Pillow 资源管理错误漏洞
Vulnerability Description
Pillow是Pillow组织开源的一款基于Python的图像处理库。 Pillow 12.3.0之前版本存在资源管理错误漏洞,该漏洞源于在组装字体字形图像时未调用Image._decompression_bomb_check(),可能导致转换或保存过程中触发过度内存分配。
CVSS Information
N/A
Vulnerability Type
N/A