Pillow/docs/releasenotes/6.2.2.rst

18 lines
631 B
ReStructuredText
Raw Normal View History

2020-01-02 06:36:56 +03:00
6.2.2
-----
Security
========
2020-01-03 22:33:10 +03:00
This release addresses several security problems.
2020-01-02 06:36:56 +03:00
CVE-2019-19911 is regarding FPX images. If an image reports that it has a large number
of bands, a large amount of resources will be used when trying to process the
image. This is fixed by limiting the number of bands to those usable by Pillow.
2020-01-03 22:33:10 +03:00
Buffer overruns were found when processing an SGI (CVE-2020-5311), PCX (CVE-2020-5312)
or FLI image (CVE-2020-5313). Checks have been added to prevent this.
2020-01-02 06:36:56 +03:00
2020-01-03 22:33:10 +03:00
CVE-2020-5310: Overflow checks have been added when calculating the size of a memory
block to be reallocated in the processing of a TIFF image.