Pillow/docs/releasenotes/8.1.2.rst

2021-03-06 05:21:30 +03:00

8.1.2
-----

Security
========

Fix CVE-2021-27921
^^^^^^^^^^^^^^^^^^

There is a memory exhaustion DoS in BLP images.

.. note:: More information about this vulnerability is included in the database record :cve:`2021-27921`.

There is a memory exhaustion DoS in BLP
images where Pillow did not properly check the reported size of the
contained image. These images could cause arbitrarily large memory
allocations.

Fix CVE-2021-27922
^^^^^^^^^^^^^^^^^^

There is a memory exhaustion DoS in ICNS images.

.. note:: More information about this vulnerability is included in the database record :cve:`2021-27922`.

There is a memory exhaustion DoS in ICNS
images where Pillow did not properly check the reported size of the
contained image. These images could cause arbitrarily large memory
allocations.

Fix CVE-2021-27923
^^^^^^^^^^^^^^^^^^

There is a memory exhaustion DoS in ICO images.

.. note:: More information about this vulnerability is included in the database record :cve:`2021-27923`.

There is a memory exhaustion DoS in ICO
images where Pillow did not properly check the reported size of the
contained image. These images could cause arbitrarily large memory
allocations.

These were reported by Jiayi Lin, Luke Shaffer, Xinran Xie and
Akshay Ajayan of `Arizona State University <https://www.asu.edu/>`_.
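
For services that accept untrusted icons, the ICO case above can be screened before decoding. This is an added example, not Pillow's code or its fix: it reads the ICO directory and the header of each embedded PNG and flags reported sizes that exceed a budget or disagree with the directory. ``ico_findings``, ``_sample_ico``, ``MAX_PIXELS`` and the sample inputs are assumptions made for this illustration, and only PNG payloads are inspected.

```python
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
MAX_PIXELS = 64 * 1024 * 1024  # assumed pixel budget for this example


def ico_findings(data, max_pixels=MAX_PIXELS):
    """List problems in an ICO directory and its embedded PNG headers."""
    if len(data) < 6:
        return ["truncated ICONDIR"]
    reserved, kind, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or kind != 1:
        return ["not an ICO file"]
    findings = []
    for i in range(count):
        pos = 6 + 16 * i
        if pos + 16 > len(data):
            findings.append(f"entry {i}: directory truncated")
            break
        w, h, _, _, _, _, size, offset = struct.unpack_from("<BBBBHHII", data, pos)
        w, h = w or 256, h or 256  # a stored 0 means 256
        if offset + size > len(data):
            findings.append(f"entry {i}: payload runs past end of file")
            continue
        payload = data[offset:offset + size]
        # Embedded PNG: 8-byte signature, then IHDR with big-endian width/height.
        if payload[:8] == PNG_MAGIC and payload[12:16] == b"IHDR" and len(payload) >= 24:
            pw, ph = struct.unpack_from(">II", payload, 16)
            if pw * ph > max_pixels:
                findings.append(f"entry {i}: embedded PNG reports {pw}x{ph}, over budget")
            elif (pw, ph) != (w, h):
                findings.append(f"entry {i}: directory {w}x{h} != PNG {pw}x{ph}")
    return findings


def _sample_ico(dir_wh, png_wh):
    """Constructed input: one-entry ICO whose payload is only a PNG signature + IHDR."""
    ihdr = struct.pack(">I4sIIBBBBB", 13, b"IHDR", *png_wh, 8, 6, 0, 0, 0)
    payload = PNG_MAGIC + ihdr
    entry = struct.pack("<BBBBHHII", *dir_wh, 0, 0, 1, 32, len(payload), 22)
    return struct.pack("<HHH", 0, 1, 1) + entry + payload


BENIGN = _sample_ico((16, 16), (16, 16))           # constructed sample
OVERSIZED = _sample_ico((16, 16), (60000, 60000))  # constructed sample

if __name__ == "__main__":
    print(ico_findings(BENIGN))
    print(ico_findings(OVERSIZED))
```

A check like this complements upgrading to a fixed Pillow release; it does not replace it.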