PyPI: pillow

CVE-2023-44271

Safety vulnerability ID: SFTY-20231103-51767

Safety legacy ID: pyup.io-62156

Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244

PythonPyPINVDNVDGitHubGHSA
Created at: Apr 22, 2026Updated at: Apr 22, 2026

Overview

Pillow Denial of Service vulnerability

Advisory

Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244

Affected Package

Affecting pillow package, versions
<10.0.0

Also affects

---

How to Fix

Upgrade
pillow
to
10.0.0
or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more