Pillow/docs/releasenotes/6.2.2.rst

6.2.2
-----

Security
========

This release fixes several buffer overruns and DOS attacks reported in CVE-2019-19911, CVE-2020-5310, CVE-2020-5311, CVE-2020-5312 and CVE-2020-5313.

Fix CVE-2019-19911
^^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability included in database record :cve:`2019-19911`

DOS attack vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~

If an FPX image reports that it has a large number of bands, a large amount of
resources will be used when trying to process the image. This is fixed by
limiting the number of bands to those usable by Pillow.

Fix CVE-2020-5310
^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability included in database record :cve:`2020-5310`

Overflow checks have been added when calculating the size of a memory block to be reallocated
in the processing of a TIFF image.

Fix CVE-2020-5311
^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability included in database record :cve:`2020-5311`

Buffer overruns were found when processing an SGI image. Checks have been added to prevent this.

Fix CVE-2020-5312
^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability included in database record :cve:`2020-5312`

Buffer overruns were found when processing an SGI PCX. Checks have been added to prevent this.

Fix CVE-2020-5313
^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability included in database record :cve:`2020-5313`

Buffer overruns were found when processing an FLI image. Checks have been added to prevent this.
Added release notes [ci skip] 2020-01-02 06:36:56 +03:00			`6.2.2`
			`-----`

			`Security`
			`========`

Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00			`This release fixes several buffer overruns and DOS attacks reported in CVE-2019-19911, CVE-2020-5310, CVE-2020-5311, CVE-2020-5312 and CVE-2020-5313.`
Added release notes [ci skip] 2020-01-02 06:36:56 +03:00
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00			`Fix CVE-2019-19911`
			`^^^^^^^^^^^^^^^^^^`
Added release notes [ci skip] 2020-01-02 06:36:56 +03:00
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00			.. note:: More information about this vulnerability included in database record :cve:`2019-19911`

Clean up for #7864 2024-03-13 21:52:53 +03:00			`DOS attack vulnerability`
Fix based on 29a361d60ead196695523212dbb08a3ec4ca4b0d 2024-03-13 22:50:58 +03:00			`~~~~~~~~~~~~~~~~~~~~~~~~`
Clean up for #7864 2024-03-13 21:40:00 +03:00
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00			`If an FPX image reports that it has a large number of bands, a large amount of`
			`resources will be used when trying to process the image. This is fixed by`
			`limiting the number of bands to those usable by Pillow.`

			`Fix CVE-2020-5310`
			`^^^^^^^^^^^^^^^^^`

			.. note:: More information about this vulnerability included in database record :cve:`2020-5310`

Clean up for #7864 2024-03-13 21:40:00 +03:00			`Overflow checks have been added when calculating the size of a memory block to be reallocated`
			`in the processing of a TIFF image.`
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00
			`Fix CVE-2020-5311`
			`^^^^^^^^^^^^^^^^^`

			.. note:: More information about this vulnerability included in database record :cve:`2020-5311`

Clean up for #7864 2024-03-13 21:40:00 +03:00			`Buffer overruns were found when processing an SGI image. Checks have been added to prevent this.`
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00
			`Fix CVE-2020-5312`
Update docs/releasenotes/6.2.2.rst Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> 2024-03-13 22:34:19 +03:00			`^^^^^^^^^^^^^^^^^`
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00
			.. note:: More information about this vulnerability included in database record :cve:`2020-5312`

Clean up for #7864 2024-03-13 21:40:00 +03:00			`Buffer overruns were found when processing an SGI PCX. Checks have been added to prevent this.`
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00
			`Fix CVE-2020-5313`
Update docs/releasenotes/6.2.2.rst Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> 2024-03-13 22:34:19 +03:00			`^^^^^^^^^^^^^^^^^`
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00
			.. note:: More information about this vulnerability included in database record :cve:`2020-5313`

Clean up for #7864 2024-03-13 21:40:00 +03:00			`Buffer overruns were found when processing an FLI image. Checks have been added to prevent this.`