HCE1-SA-2024-0061 Important HCE 1.1 Security Fix(es): Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). (CVE-2023-50447) An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. (CVE-2023-44271) HCE 1.1 python-pillow-2.0.0-25.gitd1c6db8.hce1c.x86_64.rpm