2022-05-15 09:18:24 +03:00
|
|
|
9.1.1
|
|
|
|
|
-----
|
|
|
|
|
|
|
|
|
|
Security
|
|
|
|
|
========
|
|
|
|
|
|
|
|
|
|
This release addresses several security problems.
|
|
|
|
|
|
2024-03-13 21:15:16 +03:00
|
|
|
Fix CVE-2022-30595
|
|
|
|
|
^^^^^^^^^^^^^^^^^^
|
|
|
|
|
|
|
|
|
|
.. note:: More information about this vulnerability included in database record :cve:`2022-30595`
|
|
|
|
|
|
2024-03-13 21:52:53 +03:00
|
|
|
Heap buffer overflow
|
|
|
|
|
++++++++++++++++++++
|
2024-03-13 21:40:00 +03:00
|
|
|
|
2024-03-13 21:15:16 +03:00
|
|
|
When reading a TGA file with RLE packets that cross scan lines,
|
2022-05-15 09:18:24 +03:00
|
|
|
Pillow reads the information past the end of the first line without deducting that
|
|
|
|
|
from the length of the remaining file data. This vulnerability was introduced in Pillow
|
|
|
|
|
9.1.0, and can cause a heap buffer overflow.
|
|
|
|
|
|
|
|
|
|
Opening an image with a zero or negative height has been found to bypass a
|
|
|
|
|
decompression bomb check. This will now raise a :py:exc:`SyntaxError` instead, in turn
|
|
|
|
|
raising a ``PIL.UnidentifiedImageError``.
|
