Pillow/docs/releasenotes/8.1.2.rst

8.1.2
-----

Security
========

Fix CVE-2021-27921
^^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability included in database record :cve:`2021-27921`

There is an exhaustion of memory DOS in BLP images. where Pillow did not properly check the
reported size of the contained image. These images could cause arbitrarily large memory
allocations.

Fix CVE-2021-27922
^^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability included in database record :cve:`2021-27921`

There is an exhaustion of memory DOS in ICNS images where Pillow did not properly check the
reported size of the contained image. These images could cause arbitrarily large memory allocations.

Fix CVE-2021-27923
^^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability included in database record :cve:`2021-27923`

There is an exhaustion of memory DOS in ICO images where Pillow did not properly check the reported
size of the contained image. These images could cause arbitrarily large memory allocations.

These were reported by Jiayi Lin, Luke Shaffer, Xinran Xie and
Akshay Ajayan of `Arizona State University <https://www.asu.edu/>`_.
Added release notes for 8.1.2 2021-03-06 05:21:30 +03:00			`8.1.2`
			`-----`

			`Security`
			`========`

Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00			`Fix CVE-2021-27921`
			`^^^^^^^^^^^^^^^^^^`

			.. note:: More information about this vulnerability included in database record :cve:`2021-27921`

Clean up for #7864 2024-03-13 21:40:00 +03:00			`There is an exhaustion of memory DOS in BLP images. where Pillow did not properly check the`
			`reported size of the contained image. These images could cause arbitrarily large memory`
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00			`allocations.`

			`Fix CVE-2021-27922`
			`^^^^^^^^^^^^^^^^^^`

			.. note:: More information about this vulnerability included in database record :cve:`2021-27921`

Clean up for #7864 2024-03-13 21:40:00 +03:00			`There is an exhaustion of memory DOS in ICNS images where Pillow did not properly check the`
			`reported size of the contained image. These images could cause arbitrarily large memory allocations.`
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00
			`Fix CVE-2021-27923`
			`^^^^^^^^^^^^^^^^^^`

			.. note:: More information about this vulnerability included in database record :cve:`2021-27923`

Clean up for #7864 2024-03-13 21:40:00 +03:00			`There is an exhaustion of memory DOS in ICO images where Pillow did not properly check the reported`
			`size of the contained image. These images could cause arbitrarily large memory allocations.`
Clean up for #7864 Before back fill, clean up. - Add suggested CVE format to template - Move Security to the top of release notes - Fix headings - Update all existing CVE notes to match template 2024-03-13 21:15:16 +03:00
			`These were reported by Jiayi Lin, Luke Shaffer, Xinran Xie and`
			Akshay Ajayan of `Arizona State University <https://www.asu.edu/>`_.