python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-03-03 11:35:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add to release notes

Browse Source
This commit is contained in:
Hugo van Kemenade 2022-10-28 18:03:50 +03:00
parent 799a6a0105
commit 0846bfae48
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
docs/releasenotes/9.3.0.rst
View File

@ -49,6 +49,15 @@ decode the data in its natural CMYK mode, then convert it to RGB and rearrange
the channels afterwards. Trying to load the data in an incorrect mode could
result in a segmentation fault. This issue was introduced in Pillow 9.1.0.
Limit SAMPLESPERPIXEL to avoid runtime DOS
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
A large value in the ``SAMPLESPERPIXEL`` tag could lead to a memory and runtime DOS in
``TiffImagePlugin.py`` when setting up the context for image decoding.
This was introduced in Pillow 9.2.0, found with `OSS-Fuzz`_ and fixed by limiting
``SAMPLESPERPIXEL`` to the number of planes that we can decode.
Other Changes
=============
@ -88,3 +97,5 @@ Show all frames with ImageShow
When calling :py:meth:`~PIL.Image.Image.show` or using
:py:mod:`~PIL.ImageShow`, all frames will now be shown.
.. _OSS-Fuzz: https://github.com/google/oss-fuzz