Pillow/docs/releasenotes/8.1.2.rst


2021-03-06 05:21:30 +03:00
8.1.2
-----

Security
========

:cve:`2021-27921`, :cve:`2021-27922`, :cve:`2021-27923`: Fix DoS attacks
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Pillow did not properly check the reported size of the contained image when
reading BLP, ICNS and ICO images, which allowed a memory exhaustion DoS attack.
These images could cause arbitrarily large memory allocations.

These issues were reported by Jiayi Lin, Luke Shaffer, Xinran Xie and
Akshay Ajayan of `Arizona State University <https://www.asu.edu/>`_.
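
A pre-decode check of this kind for the ICO case, as an added example that is not Pillow's code and not its actual fix: it bounds-checks each directory entry against the file length and rejects a contained PNG or DIB whose header reports more pixels than a cap. The names ``check_ico``, ``UnsafeIcon``, ``sample_ico`` and the ``MAX_PIXELS`` value are assumptions made for the example.

```python
import struct

MAX_PIXELS = 64 * 1024 * 1024  # assumed cap, tune per application
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

class UnsafeIcon(ValueError):
    """Raised when an ICO file's reported sizes cannot be trusted."""

def check_ico(data, max_pixels=MAX_PIXELS):
    """Return [(width, height), ...] for each contained image, or raise UnsafeIcon."""
    if len(data) < 6:
        raise UnsafeIcon("truncated ICONDIR")
    reserved, kind, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or kind != 1:
        raise UnsafeIcon("not an ICO file")
    if 6 + 16 * count > len(data):
        raise UnsafeIcon("directory larger than file")
    sizes = []
    for i in range(count):
        # ICONDIRENTRY: the last two fields are the data length and file offset.
        length, offset = struct.unpack_from("<II", data, 6 + 16 * i + 8)
        if length < 24 or offset + length > len(data):
            raise UnsafeIcon(f"entry {i}: data range outside file")
        blob = data[offset:offset + length]
        if blob.startswith(PNG_MAGIC):
            # PNG: IHDR width and height are big-endian at bytes 16..24.
            width, height = struct.unpack_from(">II", blob, 16)
        else:
            # DIB: signed width/height follow the 4-byte header size;
            # the stored height covers both the XOR and AND masks.
            width, height = struct.unpack_from("<ii", blob, 4)
            height = abs(height) // 2
        if width <= 0 or height <= 0 or width * height > max_pixels:
            raise UnsafeIcon(f"entry {i}: reported size {width}x{height} rejected")
        sizes.append((width, height))
    return sizes

def sample_ico(width, height):
    """Constructed sample: one-entry ICO whose PNG header reports width x height."""
    png = PNG_MAGIC + struct.pack(">I4sII", 13, b"IHDR", width, height) + b"\x08\x06\x00\x00\x00"
    entry = struct.pack("<BBBBHHII", 0, 0, 0, 0, 1, 32, len(png), 22)
    return struct.pack("<HHH", 0, 1, 1) + entry + png
```

The check reads only headers, so it allocates nothing proportional to the reported dimensions before deciding whether to decode.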