2021-02-28 20:13:16 +03:00
|
|
|
8.1.1
|
|
|
|
|
-----
|
|
|
|
|
|
|
|
|
|
Security
|
|
|
|
|
========
|
|
|
|
|
|
2023-03-08 19:07:14 +03:00
|
|
|
:cve:`2021-25289`: The previous fix for :cve:`2020-35654` was insufficient
|
2021-03-02 14:16:14 +03:00
|
|
|
due to incorrect error checking in ``TiffDecode.c``.
|
2021-02-28 20:13:16 +03:00
|
|
|
|
2023-03-08 19:07:14 +03:00
|
|
|
:cve:`2021-25290`: In ``TiffDecode.c``, there is a negative-offset ``memcpy``
|
2021-03-02 14:16:14 +03:00
|
|
|
with an invalid size.
|
2021-02-28 20:13:16 +03:00
|
|
|
|
2023-03-08 19:07:14 +03:00
|
|
|
:cve:`2021-25291`: In ``TiffDecode.c``, invalid tile boundaries could lead to
|
2021-03-02 14:16:14 +03:00
|
|
|
an out-of-bounds read in ``TIFFReadRGBATile``.
|
2021-02-28 20:13:16 +03:00
|
|
|
|
2023-03-08 19:07:14 +03:00
|
|
|
:cve:`2021-25292`: The PDF parser has a catastrophic backtracking regex
|
2021-02-28 20:13:16 +03:00
|
|
|
that could be used as a DOS attack.
|
|
|
|
|
|
2023-03-08 19:07:14 +03:00
|
|
|
:cve:`2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``,
|
2021-03-02 14:16:14 +03:00
|
|
|
since Pillow 4.3.0.
|
2021-02-28 20:13:16 +03:00
|
|
|
|
|
|
|
|
|
|
|
|
|
Other Changes
|
|
|
|
|
=============
|
|
|
|
|
|
2021-03-03 14:38:24 +03:00
|
|
|
A crash with the feature flags for libimagequant, libjpeg-turbo, WebP and XCB on
|
2021-03-03 12:34:52 +03:00
|
|
|
unreleased Python 3.10 has been fixed (:issue:`5193`).
|
