Pillow/docs/releasenotes/8.1.2.rst

8.1.2
-----

Security
========

There is an exhaustion of memory DOS in the BLP (:cve:`CVE-2021-27921`),
ICNS (:cve:`CVE-2021-27922`) and ICO (:cve:`CVE-2021-27923`) container formats
where Pillow did not properly check the reported size of the contained image.
These images could cause arbitrarily large memory allocations. This was reported
by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of
`Arizona State University <https://www.asu.edu/>`_.
Added release notes for 8.1.2 2021-03-06 05:21:30 +03:00			`8.1.2`
			`-----`

			`Security`
			`========`

			There is an exhaustion of memory DOS in the BLP (:cve:`CVE-2021-27921`),
			ICNS (:cve:`CVE-2021-27922`) and ICO (:cve:`CVE-2021-27923`) container formats
			`where Pillow did not properly check the reported size of the contained image.`
			`These images could cause arbitrarily large memory allocations. This was reported`
			`by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of`
			`Arizona State University <https://www.asu.edu/>`_.