Pillow/docs/releasenotes/6.2.2.rst

6.2.2
-----

Security
========

This release fixes several buffer overruns and DOS attacks.

:cve:`2019-19911`: DOS attack vulnerability
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If an FPX image reports that it has a large number of bands, a large amount of
resources will be used when trying to process the image. This is fixed by
limiting the number of bands to those usable by Pillow.

:cve:`2020-5310`: Overflow checks added to TIFF image processing
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Overflow checks have been added when calculating the size of a memory block to be reallocated
in the processing of a TIFF image.

:cve:`2020-5311`: Overflow checks added to SGI image processing
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Buffer overruns were found when processing an SGI image. Checks have been added to prevent this.

:cve:`2020-5312`: Overflow checks added to PCX image processing
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Buffer overruns were found when processing a PCX image. Checks have been added to prevent this.

:cve:`2020-5313`: Overflow checks added to FLI image processing
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Buffer overruns were found when processing an FLI image. Checks have been added to prevent this.
Added release notes [ci skip] 2020-01-02 06:36:56 +03:00			`6.2.2`
			`-----`

			`Security`
			`========`

[pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci 2024-03-14 21:01:09 +03:00			`This release fixes several buffer overruns and DOS attacks.`
Added release notes [ci skip] 2020-01-02 06:36:56 +03:00
Fix headers and retro-add notes for #7864 - Include CVE link in title (via @hugovk) - Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589 2024-03-14 20:58:05 +03:00			:cve:`2019-19911`: DOS attack vulnerability
			`^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^`
Clean up for #7864 2024-03-13 21:40:00 +03:00
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00			`If an FPX image reports that it has a large number of bands, a large amount of`
			`resources will be used when trying to process the image. This is fixed by`
			`limiting the number of bands to those usable by Pillow.`

Fix headers and retro-add notes for #7864 - Include CVE link in title (via @hugovk) - Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589 2024-03-14 20:58:05 +03:00			:cve:`2020-5310`: Overflow checks added to TIFF image processing
			`^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^`
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00
Clean up for #7864 2024-03-13 21:40:00 +03:00			`Overflow checks have been added when calculating the size of a memory block to be reallocated`
			`in the processing of a TIFF image.`
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00
Fix headers and retro-add notes for #7864 - Include CVE link in title (via @hugovk) - Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589 2024-03-14 20:58:05 +03:00			:cve:`2020-5311`: Overflow checks added to SGI image processing
			`^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^`
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00
Clean up for #7864 2024-03-13 21:40:00 +03:00			`Buffer overruns were found when processing an SGI image. Checks have been added to prevent this.`
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00
Fix headers and retro-add notes for #7864 - Include CVE link in title (via @hugovk) - Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589 2024-03-14 20:58:05 +03:00			:cve:`2020-5312`: Overflow checks added to PCX image processing
			`^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^`
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00
Fix headers and retro-add notes for #7864 - Include CVE link in title (via @hugovk) - Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589 2024-03-14 20:58:05 +03:00			`Buffer overruns were found when processing a PCX image. Checks have been added to prevent this.`
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00
Fix headers and retro-add notes for #7864 - Include CVE link in title (via @hugovk) - Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589 2024-03-14 20:58:05 +03:00			:cve:`2020-5313`: Overflow checks added to FLI image processing
			`^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^`
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00
Clean up for #7864 2024-03-13 21:40:00 +03:00			`Buffer overruns were found when processing an FLI image. Checks have been added to prevent this.`