mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-12-25 17:36:18 +03:00
Clean up for #7864
This commit is contained in:
parent
04f60eba9c
commit
231e7384d0
|
@ -17,10 +17,10 @@ been processed before Pillow started checking for decompression bombs.
|
|||
Fix CVE-2023-44271
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Added ImageFont.MAX_STRING_LENGTH.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2023-44271`
|
||||
|
||||
Added ImageFont.MAX_STRING_LENGTH.
|
||||
|
||||
To protect against potential DOS attacks when using arbitrary strings as text
|
||||
input, Pillow will now raise a :py:exc:`ValueError` if the number of characters
|
||||
passed into ImageFont methods is over a certain limit,
|
||||
|
|
|
@ -7,8 +7,6 @@ Security
|
|||
Fix CVE-2023-4863
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
Updated install script and wheels with libwebp 1.3.2
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2023-4863`
|
||||
|
||||
This release provides an updated install script and updated wheels to
|
||||
|
|
|
@ -28,10 +28,10 @@ they do not extend beyond the bitmap image.
|
|||
Fix CVE-2023-50447
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
ImageMath.eval: Restricted environment keys.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2023-50447`
|
||||
|
||||
ImageMath.eval: Restricted environment keys.
|
||||
|
||||
If an attacker has control over the keys passed to the
|
||||
``environment`` argument of :py:meth:`PIL.ImageMath.eval`, they may be able to execute
|
||||
arbitrary code. To prevent this, keys matching the names of builtins and keys
|
||||
|
|
|
@ -7,10 +7,10 @@ Security
|
|||
Fix CVE-2016-0740
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
Buffer overflow in TiffDecode.c.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2016-0740`
|
||||
|
||||
Buffer overflow in TiffDecode.c.
|
||||
|
||||
Pillow 3.1.0 and earlier when linked against
|
||||
libtiff >= 4.0.0 on x64 may overflow a buffer when reading a
|
||||
specially crafted tiff file.
|
||||
|
@ -29,10 +29,10 @@ This issue was found by security researcher FourOne.
|
|||
Fix CVE-2016-0775
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
Buffer overflow in FliDecode.c.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2016-0775`
|
||||
|
||||
Buffer overflow in FliDecode.c.
|
||||
|
||||
In all versions of Pillow, dating back at least to
|
||||
the last PIL 1.1.7 release, FliDecode.c has a buffer overflow error.
|
||||
|
||||
|
@ -62,10 +62,10 @@ This issue was found by Alyssa Besseling at Atlassian.
|
|||
Fix CVE-2016-2533
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
Buffer overflow in PcdDecode.c.
|
||||
|
||||
.. note:: More information about this vulnerability available in :cve:`2016-2533`
|
||||
|
||||
Buffer overflow in PcdDecode.c.
|
||||
|
||||
In all versions of Pillow, dating back at least to the
|
||||
last PIL 1.1.7 release, ``PcdDecode.c`` has a buffer overflow error.
|
||||
|
||||
|
|
|
@ -7,10 +7,10 @@ Security
|
|||
Fix CVE-2016-3076
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
Buffer overflow in Jpeg2KEncode.c.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2016-3076`
|
||||
|
||||
Buffer overflow in Jpeg2KEncode.c.
|
||||
|
||||
Pillow between 2.5.0 and 3.1.1 may overflow a buffer
|
||||
when writing large Jpeg2000 files, allowing for code execution or other
|
||||
memory corruption.
|
||||
|
|
|
@ -26,8 +26,6 @@ perform operations on it.
|
|||
Fix CVE-2019-16865
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
DOS attack vulnerabilities.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2019-16865`
|
||||
|
||||
The CVE is regarding DOS problems, such as consuming large
|
||||
|
|
|
@ -9,51 +9,39 @@ This release fixes several buffer overruns and DOS attacks reported in CVE-2019-
|
|||
Fix CVE-2019-19911
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
DOS attack vulnerability.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2019-19911`
|
||||
|
||||
DOS attack vulnerability.
|
||||
|
||||
If an FPX image reports that it has a large number of bands, a large amount of
|
||||
resources will be used when trying to process the image. This is fixed by
|
||||
limiting the number of bands to those usable by Pillow.
|
||||
|
||||
|
||||
Fix CVE-2020-5310
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
Overflow checks added to TIFF image processing.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2020-5310`
|
||||
|
||||
Overflow checks have been added when calculating the size of a
|
||||
memory block to be reallocated in the processing of a TIFF image.
|
||||
Overflow checks have been added when calculating the size of a memory block to be reallocated
|
||||
in the processing of a TIFF image.
|
||||
|
||||
Fix CVE-2020-5311
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
Overflow checks added to SGI image processing.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2020-5311`
|
||||
|
||||
Buffer overruns were found when processing an SGI image. Checks
|
||||
have been added to prevent this.
|
||||
Buffer overruns were found when processing an SGI image. Checks have been added to prevent this.
|
||||
|
||||
Fix CVE-2020-5312
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Overflow checks added to PCX image processing.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2020-5312`
|
||||
|
||||
Buffer overruns were found when processing an SGI PCX. Checks have
|
||||
been added to prevent this.
|
||||
Buffer overruns were found when processing an SGI PCX. Checks have been added to prevent this.
|
||||
|
||||
Fix CVE-2020-5313
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Overflow checks added to FLI image processing.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2020-5313`
|
||||
|
||||
Buffer overruns were found when processing an FLI image. Checks
|
||||
have been added to prevent this.
|
||||
Buffer overruns were found when processing an FLI image. Checks have been added to prevent this.
|
||||
|
|
|
@ -9,38 +9,38 @@ This release includes many security fixes.
|
|||
Fix CVE-2020-10177
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Multiple out-of-bounds reads in FLI decoding.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2020-10177`
|
||||
|
||||
Multiple out-of-bounds reads in FLI decoding.
|
||||
|
||||
Fix CVE-2020-10378
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Bounds overflow in PCX decoding.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2020-10378`
|
||||
|
||||
Bounds overflow in PCX decoding.
|
||||
|
||||
Fix CVE-2020-10379
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Two buffer overflows in TIFF decoding
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2020-10379`
|
||||
|
||||
Two buffer overflows in TIFF decoding.
|
||||
|
||||
Fix CVE-2020-10994
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Bounds overflow in JPEG 2000 decoding
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2020-10994`
|
||||
|
||||
Bounds overflow in JPEG 2000 decoding.
|
||||
|
||||
Fix CVE-2020-11538
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Buffer overflow in SGI-RLE decoding
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2020-11538`
|
||||
|
||||
Buffer overflow in SGI-RLE decoding.
|
||||
|
||||
API Changes
|
||||
===========
|
||||
|
||||
|
|
|
@ -7,11 +7,9 @@ Security
|
|||
Fix CVE-2020-15999
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Update FreeType version in wheels.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2020-15999`
|
||||
|
||||
Update FreeType used in binary wheels to `2.10.4`_.
|
||||
Update FreeType in wheels to `2.10.4`_.
|
||||
|
||||
- A heap buffer overflow has been found in the handling of embedded PNG bitmaps,
|
||||
introduced in FreeType version 2.6.
|
||||
|
|
|
@ -12,10 +12,10 @@ This release includes security fixes.
|
|||
Fix CVE-2020-35653
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Buffer read overrun in PCX decoding.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2020-35653`
|
||||
|
||||
Buffer read overrun in PCX decoding.
|
||||
|
||||
The PCX image decoder used the reported image stride to calculate
|
||||
the row buffer, rather than calculating it from the image size. This issue dates back
|
||||
to the PIL fork. Thanks to Google's `OSS-Fuzz`_ project for finding this.
|
||||
|
@ -23,10 +23,10 @@ to the PIL fork. Thanks to Google's `OSS-Fuzz`_ project for finding this.
|
|||
Fix CVE-2020-35654
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
TIFF out-of-bounds write error.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2020-35654`
|
||||
|
||||
TIFF out-of-bounds write error.
|
||||
|
||||
Out-of-bounds write in ``TiffDecode.c`` when reading corrupt YCbCr
|
||||
files in some LibTIFF versions (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04).
|
||||
In some cases LibTIFF's interpretation of the file is different when reading in RGBA mode,
|
||||
|
@ -37,10 +37,10 @@ versions from 6.0.0 to 8.0.1, depending on the version of LibTIFF. This was repo
|
|||
Fix CVE-2020-35655
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
SGI Decode buffer overrun
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2020-35655`
|
||||
|
||||
SGI Decode buffer overrun.
|
||||
|
||||
4 byte read overflow in ``SgiRleDecode.c``, where the code was not correctly
|
||||
checking the offsets and length tables. Independently reported through `Tidelift`_ and Google's
|
||||
`OSS-Fuzz`_. This vulnerability covers Pillow versions 4.3.0->8.0.1.
|
||||
|
|
|
@ -7,8 +7,6 @@ Security
|
|||
Fix CVE-2021-25289
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
The previous fix for CVE-2020-35654 was insufficient.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2021-25289`
|
||||
|
||||
The previous fix for :cve:`2020-35654` was insufficient due to incorrect error checking in ``TiffDecode.c``.
|
||||
|
@ -16,40 +14,30 @@ The previous fix for :cve:`2020-35654` was insufficient due to incorrect error c
|
|||
Fix CVE-2021-25290
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
In ``TiffDecode.c`` there is a negative-offset.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2021-25290`
|
||||
|
||||
In ``TiffDecode.c``, there is a negative-offset ``memcpy``
|
||||
with an invalid size.
|
||||
In ``TiffDecode.c``, there is a negative-offset ``memcpy`` with an invalid size.
|
||||
|
||||
Fix CVE-2021-25291
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
``TiffDecode.c`` has invalid tile boundaries.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2021-25291`
|
||||
|
||||
In ``TiffDecode.c``, invalid tile boundaries could lead to
|
||||
an out-of-bounds read in ``TIFFReadRGBATile``.
|
||||
In ``TiffDecode.c``, invalid tile boundaries could lead to an out-of-bounds read in ``TIFFReadRGBATile``.
|
||||
|
||||
Fix CVE-2021-25292
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
The PDF parser has a catastrophic backtracking regex.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2021-25292`:
|
||||
|
||||
The PDF parser has a catastrophic backtracking regex
|
||||
that could be used as a DOS attack.
|
||||
The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
|
||||
|
||||
Fix CVE-2021-25293
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
There is an out-of-bounds read in ``SgiRleDecode.c`` since Pillow 4.3.0.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2021-25293`
|
||||
|
||||
There is an out-of-bounds read in ``SgiRleDecode.c`` since Pillow 4.3.0.
|
||||
|
||||
Other Changes
|
||||
=============
|
||||
|
|
|
@ -7,38 +7,27 @@ Security
|
|||
Fix CVE-2021-27921
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
There is an exhaustion of memory DOS in BLP images.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2021-27921`
|
||||
|
||||
There is an exhaustion of memory DOS in BLP
|
||||
images where Pillow did not properly check the reported size of the
|
||||
contained image. These images could cause arbitrarily large memory
|
||||
There is an exhaustion of memory DOS in BLP images. where Pillow did not properly check the
|
||||
reported size of the contained image. These images could cause arbitrarily large memory
|
||||
allocations.
|
||||
|
||||
Fix CVE-2021-27922
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
There is an exhaustion of memory DOS in ICNS images.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2021-27921`
|
||||
|
||||
There is an exhaustion of memory DOS in the ICNS
|
||||
images where Pillow did not properly check the reported size of the
|
||||
contained image. These images could cause arbitrarily large memory
|
||||
allocations.
|
||||
There is an exhaustion of memory DOS in ICNS images where Pillow did not properly check the
|
||||
reported size of the contained image. These images could cause arbitrarily large memory allocations.
|
||||
|
||||
Fix CVE-2021-27923
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
There is an exhaustion of memory DOS in ICO images.
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2021-27923`
|
||||
|
||||
There is an exhaustion of memory DOS in ICO
|
||||
images where Pillow did not properly check the reported size of the
|
||||
contained image. These images could cause arbitrarily large memory
|
||||
allocations.
|
||||
There is an exhaustion of memory DOS in ICO images where Pillow did not properly check the reported
|
||||
size of the contained image. These images could cause arbitrarily large memory allocations.
|
||||
|
||||
These were reported by Jiayi Lin, Luke Shaffer, Xinran Xie and
|
||||
Akshay Ajayan of `Arizona State University <https://www.asu.edu/>`_.
|
||||
|
|
|
@ -9,11 +9,11 @@ These were all found with `OSS-Fuzz`_.
|
|||
Fix CVE-2021-25287, CVE-2021-25288, CVE-2021-28675
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
OOB read in Jpeg2KDecode
|
||||
|
||||
.. note:: More information about these vulnerabilities included in database records
|
||||
:cve:`2021-25287`, :cve:`2021-25288`, :cve:`2021-28675`
|
||||
|
||||
OOB read in Jpeg2KDecode
|
||||
|
||||
* For J2k images with multiple bands, it's legal to have different widths for each band,
|
||||
e.g. 1 byte for ``L``, 4 bytes for ``A``.
|
||||
* This dates to Pillow 2.4.0.
|
||||
|
|
|
@ -10,10 +10,10 @@ Buffer overflow
|
|||
Fix CVE-2021-34552
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Buffer overflow
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2021-34552`
|
||||
|
||||
Buffer overflow
|
||||
|
||||
PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert function to trigger
|
||||
buffer overflow in Convert.c.
|
||||
|
||||
|
|
|
@ -7,10 +7,10 @@ Security
|
|||
Fix CVE-2021-23437
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Avoid potential ReDoS (regular expression denial of service)
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2021-23437`
|
||||
|
||||
Avoid potential ReDoS (regular expression denial of service)
|
||||
|
||||
Avoid a potential ReDoS (regular expression denial of service) in :py:class:`~PIL.ImageColor`'s
|
||||
:py:meth:`~PIL.ImageColor.getrgb` by raising :py:exc:`ValueError` if the color specifier is
|
||||
too long. Present since Pillow 5.2.0.
|
||||
|
|
|
@ -46,10 +46,10 @@ Google's `OSS-Fuzz`_ project for finding this issue.
|
|||
Fix CVE-2022-22817
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Restrict builtins available to ImageMath.eval
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2022-22817`
|
||||
|
||||
Restrict builtins available to ImageMath.eval.
|
||||
|
||||
To limit :py:class:`PIL.ImageMath` to working with images, Pillow
|
||||
will now restrict the builtins available to :py:meth:`PIL.ImageMath.eval`. This will
|
||||
help prevent problems arising if users evaluate arbitrary expressions, such as
|
||||
|
|
|
@ -9,10 +9,10 @@ This release addresses several security problems.
|
|||
Fix CVE-2022-24303
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Temp image removal
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2022-24303`
|
||||
|
||||
Temp image removal.
|
||||
|
||||
If the path to the temporary directory on Linux or macOS
|
||||
contained a space, this would break removal of the temporary image file after
|
||||
``im.show()`` (and related actions), and potentially remove an unrelated file. This
|
||||
|
|
|
@ -9,10 +9,10 @@ This release addresses several security problems.
|
|||
Fix CVE-2022-30595
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
Heap buffer overflow
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`2022-30595`
|
||||
|
||||
Heap buffer overflow.
|
||||
|
||||
When reading a TGA file with RLE packets that cross scan lines,
|
||||
Pillow reads the information past the end of the first line without deducting that
|
||||
from the length of the remaining file data. This vulnerability was introduced in Pillow
|
||||
|
|
|
@ -9,8 +9,8 @@ TODO
|
|||
|
||||
TODO
|
||||
|
||||
Fix CVE-YYYY-XXXXX -- TODO
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
Fix CVE-YYYY-XXXXX
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
.. note:: More information about this vulnerability included in database record :cve:`YYYY-XXXXX`
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user