Thanks to visit codestin.com
Credit goes to github.com

Skip to content

CVE-2023-44271: Added ImageFont.MAX_STRING_LENGTH#37

Merged
icanhasmath merged 3 commits into
9.5.xfrom
cve-2023-44271
Apr 21, 2026
Merged

CVE-2023-44271: Added ImageFont.MAX_STRING_LENGTH#37
icanhasmath merged 3 commits into
9.5.xfrom
cve-2023-44271

Conversation

@icanhasmath

Copy link
Copy Markdown

Backports upstream fix for CVE-2023-44271 (DoS via unbounded text length in ImageFont methods).

Source

Changes

  • Adds MAX_STRING_LENGTH = 1_000_000 guard raising ValueError in 6 methods: ImageFont.getbbox/.getlength, FreeTypeFont.getbbox/.getlength/.getmask2, TransposedFont.getlength.
  • New test test_too_many_characters in Tests/test_imagefont.py.
  • Release notes added to new docs/releasenotes/9.5.0.1.rst (upstream's 10.0.0.rst addition was dropped — not applicable to 9.5.x).

Test plan

  • pytest Tests/test_imagefont.py

radarhere and others added 3 commits April 20, 2026 23:58

@martinPavesio martinPavesio left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@icanhasmath icanhasmath merged commit 6a7939b into 9.5.x Apr 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants