An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
{ "nvd_published_at": "2023-11-03T05:15:30Z", "cwe_ids": [ "CWE-400", "CWE-770" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-11-03T19:39:43Z" }