2020-01-02 06:36:56 +03:00
|
|
|
6.2.2
|
|
|
|
|
-----
|
|
|
|
|
|
|
|
|
|
Security
|
|
|
|
|
========
|
|
|
|
|
|
2020-01-03 22:33:10 +03:00
|
|
|
This release addresses several security problems.
|
2020-01-02 06:36:56 +03:00
|
|
|
|
2023-03-08 19:07:14 +03:00
|
|
|
:cve:`2019-19911` is regarding FPX images. If an image reports that it has a large
|
2020-12-17 07:46:51 +03:00
|
|
|
number of bands, a large amount of resources will be used when trying to process the
|
2020-01-02 06:36:56 +03:00
|
|
|
image. This is fixed by limiting the number of bands to those usable by Pillow.
|
|
|
|
|
|
2023-03-08 19:07:14 +03:00
|
|
|
Buffer overruns were found when processing an SGI (:cve:`2020-5311`),
|
|
|
|
|
PCX (:cve:`2020-5312`) or FLI image (:cve:`2020-5313`). Checks have been added
|
2020-12-17 07:46:51 +03:00
|
|
|
to prevent this.
|
2020-01-02 06:36:56 +03:00
|
|
|
|
2023-03-08 19:07:14 +03:00
|
|
|
:cve:`2020-5310`: Overflow checks have been added when calculating the size of a
|
2020-12-17 07:46:51 +03:00
|
|
|
memory block to be reallocated in the processing of a TIFF image.
|
