mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-12-27 18:36:17 +03:00
13 lines
456 B
ReStructuredText
13 lines
456 B
ReStructuredText
|
8.1.2
|
||
|
-----
|
||
|
|
||
|
Security
|
||
|
========
|
||
|
|
||
|
There is an exhaustion of memory DOS in the BLP (:cve:`CVE-2021-27921`),
|
||
|
ICNS (:cve:`CVE-2021-27922`) and ICO (:cve:`CVE-2021-27923`) container formats
|
||
|
where Pillow did not properly check the reported size of the contained image.
|
||
|
These images could cause arbitrarily large memory allocations. This was reported
|
||
|
by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of
|
||
|
`Arizona State University <https://www.asu.edu/>`_.
|