diff --git a/SOURCES/CVE-2023-44271.patch b/SOURCES/CVE-2023-44271.patch
new file mode 100644
index 0000000..264e436
--- /dev/null
+++ b/SOURCES/CVE-2023-44271.patch
@@ -0,0 +1,76 @@
+From ca6bb16f2d10dfc918ddc857118ed3ba7e5db90d Mon Sep 17 00:00:00 2001
+From: Lumir Balhar <lbalhar@redhat.com>
+Date: Mon, 13 Nov 2023 12:30:56 +0100
+Subject: [PATCH] CVE-2023-44271
+
+---
+ PIL/ImageFont.py | 21 ++++++++++++++++++---
+ 1 file changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/PIL/ImageFont.py b/PIL/ImageFont.py
+index 8ec60fe..4503df4 100644
+--- a/PIL/ImageFont.py
++++ b/PIL/ImageFont.py
+@@ -35,11 +35,20 @@ class _imagingft_not_installed:
+ def __getattr__(self, id):
+ raise ImportError("The _imagingft C module is not installed")
+
++MAX_STRING_LENGTH = 1000000
++
+ try:
+ import _imagingft as core
+ except ImportError:
+ core = _imagingft_not_installed()
+
++
++def _string_length_check(text):
++ if MAX_STRING_LENGTH is not None and len(text) > MAX_STRING_LENGTH:
++ msg = "too many characters in string"
++ raise ValueError(msg)
++
++
+ # FIXME: add support for pilfont2 format (see FontFile.py)
+
+ # --------------------------------------------------------------------
+@@ -118,9 +127,12 @@ class ImageFont:
+
+ self.font = Image.core.font(image.im, data)
+
+- # delegate critical operations to internal type
+- self.getsize = self.font.getsize
+- self.getmask = self.font.getmask
++ def getsize(self, text):
++ _string_length_check(text)
++ return self.font.getsize(text)
++
++ def getmask(self, text, mode=""):
++ return self.font.getmask(text, mode)
+
+ ##
+ # Wrapper for FreeType fonts. Application code should use the
+@@ -140,12 +152,14 @@ class FreeTypeFont:
+ return self.font.ascent, self.font.descent
+
+ def getsize(self, text):
++ _string_length_check(text)
+ return self.font.getsize(text)[0]
+
+ def getmask(self, text, mode=""):
+ return self.getmask2(text, mode)[0]
+
+ def getmask2(self, text, mode="", fill=Image.core.fill):
++ _string_length_check(text)
+ size, offset = self.font.getsize(text)
+ im = fill("L", size, 0)
+ self.font.render(text, im.id, mode=="1")
+@@ -168,6 +182,7 @@ class TransposedFont:
+ self.orientation = orientation # any 'transpose' argument, or None
+
+ def getsize(self, text):
++ _string_length_check(text)
+ w, h = self.font.getsize(text)
+ if self.orientation in (Image.ROTATE_90, Image.ROTATE_270):
+ return h, w
+--
+2.41.0
+
diff --git a/SPECS/python-pillow.spec b/SPECS/python-pillow.spec
index 0aeef05..ab25e95 100644
--- a/SPECS/python-pillow.spec
+++ b/SPECS/python-pillow.spec
@@ -23,7 +23,7 @@
Name: python-pillow
Version: 2.0.0
-Release: 23%{?snap}%{?dist}
+Release: 24%{?snap}%{?dist}
Summary: Python image processing library
# License: see http://www.pythonware.com/products/pil/license.htm
@@ -67,6 +67,10 @@ Patch19: CVE-2022-22817.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2042511
# https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Patch20: CVE-2022-22815_CVE-2022-22816.patch
+# CVE-2023-44271 python-pillow: uncontrolled resource consumption when textlength
+# in an ImageDraw instance operates on a long text argument
+# Upstream fix: https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
+Patch21: CVE-2023-44271.patch
BuildRequires: python2-devel
@@ -239,6 +243,7 @@ PIL image wrapper for Qt.
%patch5 -p2 -b .cve_2020_5313
%patch19 -p1 -b .CVE-2022-22817
%patch20 -p1 -b .CVE-2022-22815_CVE-2022-22816
+%patch21 -p1 -b .CVE-2023-44271
%if %{with_python3}
# Create Python 3 source tree
@@ -396,6 +401,10 @@ popd
%endif
%changelog
+* Mon Nov 13 2023 LumÃr Balhar <lbalhar@redhat.com> - 2.0.0-24gitd1c6db8
+- Security fix for CVE-2023-44271
+Resolves: RHEL-15459
+
* Fri Feb 11 2022 Charalampos Stratakis <cstratak@redhat.com> - 2.0.0-23gitd1c6db8
- Fixup for CVE-2022-22817
- Security fixes for CVE-2022-22815, CVE-2022-22816