Clean up for #7864

Alex Clark 2024-03-13 14:40:00 -04:00
parent 04f60eba9c
commit 231e7384d0
19 changed files with 60 additions and 101 deletions


@ -17,10 +17,10 @@ been processed before Pillow started checking for decompression bombs.
Fix CVE-2023-44271
^^^^^^^^^^^^^^^^^^
Added ImageFont.MAX_STRING_LENGTH.
.. note:: More information about this vulnerability included in database record :cve:`2023-44271`
Added ImageFont.MAX_STRING_LENGTH.
To protect against potential DOS attacks when using arbitrary strings as text
input, Pillow will now raise a :py:exc:`ValueError` if the number of characters
passed into ImageFont methods is over a certain limit,
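Review bot: the note sentence has no verb. As written it reads "More information about this vulnerability included in database record :cve:`2023-44271`"; it should be "is included in database record" or, shorter, "See :cve:`2023-44271`". The same phrasing is repeated in every note added across these release notes, so fixing it here should be done consistently everywhere. Also, the summary line "Added ImageFont.MAX_STRING_LENGTH." appears twice in this hunk, once before and once after the note; whichever placement is intended, confirm that only one copy survives in the final file.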


@ -7,8 +7,6 @@ Security
Fix CVE-2023-4863
^^^^^^^^^^^^^^^^^
Updated install script and wheels with libwebp 1.3.2
.. note:: More information about this vulnerability included in database record :cve:`2023-4863`
This release provides an updated install script and updated wheels to


@ -28,10 +28,10 @@ they do not extend beyond the bitmap image.
Fix CVE-2023-50447
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ImageMath.eval: Restricted environment keys.
.. note:: More information about this vulnerability included in database record :cve:`2023-50447`
ImageMath.eval: Restricted environment keys.
If an attacker has control over the keys passed to the
``environment`` argument of :py:meth:`PIL.ImageMath.eval`, they may be able to execute
arbitrary code. To prevent this, keys matching the names of builtins and keys
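Review bot: the underline under "Fix CVE-2023-50447" is 65 carets for an 18-character title. docutils tolerates an over-long underline, but the neighbouring sections in this file use an underline of exactly the title's length; trimming it to ``^^^^^^^^^^^^^^^^^^`` keeps the headings consistent and avoids the appearance that the title was shortened without the underline being updated.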


@ -7,10 +7,10 @@ Security
Fix CVE-2016-0740
^^^^^^^^^^^^^^^^^
Buffer overflow in TiffDecode.c.
.. note:: More information about this vulnerability included in database record :cve:`2016-0740`
Buffer overflow in TiffDecode.c.
Pillow 3.1.0 and earlier when linked against
libtiff >= 4.0.0 on x64 may overflow a buffer when reading a
specially crafted tiff file.
@ -29,10 +29,10 @@ This issue was found by security researcher FourOne.
Fix CVE-2016-0775
^^^^^^^^^^^^^^^^^
Buffer overflow in FliDecode.c.
.. note:: More information about this vulnerability included in database record :cve:`2016-0775`
Buffer overflow in FliDecode.c.
In all versions of Pillow, dating back at least to
the last PIL 1.1.7 release, FliDecode.c has a buffer overflow error.
@ -62,10 +62,10 @@ This issue was found by Alyssa Besseling at Atlassian.
Fix CVE-2016-2533
^^^^^^^^^^^^^^^^^
Buffer overflow in PcdDecode.c.
.. note:: More information about this vulnerability available in :cve:`2016-2533`
Buffer overflow in PcdDecode.c.
In all versions of Pillow, dating back at least to the
last PIL 1.1.7 release, ``PcdDecode.c`` has a buffer overflow error.
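Review bot: the note for CVE-2016-2533 uses different wording from the other two notes in this file ("More information about this vulnerability available in :cve:`2016-2533`" versus "... included in database record :cve:`2016-0740`" and "... :cve:`2016-0775`" above). Pick one form and use it for all three, so the rendered page reads uniformly.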


@ -7,10 +7,10 @@ Security
Fix CVE-2016-3076
^^^^^^^^^^^^^^^^^
Buffer overflow in Jpeg2KEncode.c.
.. note:: More information about this vulnerability included in database record :cve:`2016-3076`
Buffer overflow in Jpeg2KEncode.c.
Pillow between 2.5.0 and 3.1.1 may overflow a buffer
when writing large Jpeg2000 files, allowing for code execution or other
memory corruption.


@ -26,8 +26,6 @@ perform operations on it.
Fix CVE-2019-16865
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
DOS attack vulnerabilities.
.. note:: More information about this vulnerability included in database record :cve:`2019-16865`
The CVE is regarding DOS problems, such as consuming large
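Review bot: the underline under "Fix CVE-2019-16865" is 52 carets for an 18-character title; the other headings in these hunks use an underline of the title's length, so it should be ``^^^^^^^^^^^^^^^^^^``. The heading "DOS attack vulnerabilities." is also the only summary line in these files that carries a trailing period; drop it or add one everywhere.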


@ -9,51 +9,39 @@ This release fixes several buffer overruns and DOS attacks reported in CVE-2019-
Fix CVE-2019-19911
^^^^^^^^^^^^^^^^^^
DOS attack vulnerability.
.. note:: More information about this vulnerability included in database record :cve:`2019-19911`
DOS attack vulnerability.
If an FPX image reports that it has a large number of bands, a large amount of
resources will be used when trying to process the image. This is fixed by
limiting the number of bands to those usable by Pillow.
Fix CVE-2020-5310
^^^^^^^^^^^^^^^^^
Overflow checks added to TIFF image processing.
.. note:: More information about this vulnerability included in database record :cve:`2020-5310`
Overflow checks have been added when calculating the size of a
memory block to be reallocated in the processing of a TIFF image.
Overflow checks have been added when calculating the size of a memory block to be reallocated
in the processing of a TIFF image.
Fix CVE-2020-5311
^^^^^^^^^^^^^^^^^
Overflow checks added to SGI image processing.
.. note:: More information about this vulnerability included in database record :cve:`2020-5311`
Buffer overruns were found when processing an SGI image. Checks
have been added to prevent this.
Buffer overruns were found when processing an SGI image. Checks have been added to prevent this.
Fix CVE-2020-5312
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Overflow checks added to PCX image processing.
.. note:: More information about this vulnerability included in database record :cve:`2020-5312`
Buffer overruns were found when processing an SGI PCX. Checks have
been added to prevent this.
Buffer overruns were found when processing an SGI PCX. Checks have been added to prevent this.
Fix CVE-2020-5313
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Overflow checks added to FLI image processing.
.. note:: More information about this vulnerability included in database record :cve:`2020-5313`
Buffer overruns were found when processing an FLI image. Checks
have been added to prevent this.
Buffer overruns were found when processing an FLI image. Checks have been added to prevent this.
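Review bot: the CVE-2020-5312 entry, whose heading says "Overflow checks added to PCX image processing", describes the bug as "Buffer overruns were found when processing an SGI PCX" in both the old and the reflowed text. "SGI PCX" looks like a copy-paste remnant from the CVE-2020-5311 SGI entry directly above; it should read "when processing a PCX image". While in this hunk, the underlines for "Fix CVE-2020-5312" and "Fix CVE-2020-5313" are 66 carets for 17-character titles; trim them to match the titles as the CVE-2020-5310 and CVE-2020-5311 headings already do.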


@ -9,38 +9,38 @@ This release includes many security fixes.
Fix CVE-2020-10177
^^^^^^^^^^^^^^^^^^
Multiple out-of-bounds reads in FLI decoding.
.. note:: More information about this vulnerability included in database record :cve:`2020-10177`
Multiple out-of-bounds reads in FLI decoding.
Fix CVE-2020-10378
^^^^^^^^^^^^^^^^^^
Bounds overflow in PCX decoding.
.. note:: More information about this vulnerability included in database record :cve:`2020-10378`
Bounds overflow in PCX decoding.
Fix CVE-2020-10379
^^^^^^^^^^^^^^^^^^
Two buffer overflows in TIFF decoding
.. note:: More information about this vulnerability included in database record :cve:`2020-10379`
Two buffer overflows in TIFF decoding.
Fix CVE-2020-10994
^^^^^^^^^^^^^^^^^^
Bounds overflow in JPEG 2000 decoding
.. note:: More information about this vulnerability included in database record :cve:`2020-10994`
Bounds overflow in JPEG 2000 decoding.
Fix CVE-2020-11538
^^^^^^^^^^^^^^^^^^
Buffer overflow in SGI-RLE decoding
.. note:: More information about this vulnerability included in database record :cve:`2020-11538`
Buffer overflow in SGI-RLE decoding.
API Changes
===========


@ -7,11 +7,9 @@ Security
Fix CVE-2020-15999
^^^^^^^^^^^^^^^^^^
Update FreeType version in wheels.
.. note:: More information about this vulnerability included in database record :cve:`2020-15999`
Update FreeType used in binary wheels to `2.10.4`_.
Update FreeType in wheels to `2.10.4`_.
- A heap buffer overflow has been found in the handling of embedded PNG bitmaps,
introduced in FreeType version 2.6.


@ -12,10 +12,10 @@ This release includes security fixes.
Fix CVE-2020-35653
^^^^^^^^^^^^^^^^^^
Buffer read overrun in PCX decoding.
.. note:: More information about this vulnerability included in database record :cve:`2020-35653`
Buffer read overrun in PCX decoding.
The PCX image decoder used the reported image stride to calculate
the row buffer, rather than calculating it from the image size. This issue dates back
to the PIL fork. Thanks to Google's `OSS-Fuzz`_ project for finding this.
@ -23,10 +23,10 @@ to the PIL fork. Thanks to Google's `OSS-Fuzz`_ project for finding this.
Fix CVE-2020-35654
^^^^^^^^^^^^^^^^^^
TIFF out-of-bounds write error.
.. note:: More information about this vulnerability included in database record :cve:`2020-35654`
TIFF out-of-bounds write error.
Out-of-bounds write in ``TiffDecode.c`` when reading corrupt YCbCr
files in some LibTIFF versions (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04).
In some cases LibTIFF's interpretation of the file is different when reading in RGBA mode,
@ -37,10 +37,10 @@ versions from 6.0.0 to 8.0.1, depending on the version of LibTIFF. This was repo
Fix CVE-2020-35655
^^^^^^^^^^^^^^^^^^
SGI Decode buffer overrun
.. note:: More information about this vulnerability included in database record :cve:`2020-35655`
SGI Decode buffer overrun.
4 byte read overflow in ``SgiRleDecode.c``, where the code was not correctly
checking the offsets and length tables. Independently reported through `Tidelift`_ and Google's
`OSS-Fuzz`_. This vulnerability covers Pillow versions 4.3.0->8.0.1.


@ -7,8 +7,6 @@ Security
Fix CVE-2021-25289
^^^^^^^^^^^^^^^^^^
The previous fix for CVE-2020-35654 was insufficient.
.. note:: More information about this vulnerability included in database record :cve:`2021-25289`
The previous fix for :cve:`2020-35654` was insufficient due to incorrect error checking in ``TiffDecode.c``.
@ -16,40 +14,30 @@ The previous fix for :cve:`2020-35654` was insufficient due to incorrect error c
Fix CVE-2021-25290
^^^^^^^^^^^^^^^^^^
In ``TiffDecode.c`` there is a negative-offset.
.. note:: More information about this vulnerability included in database record :cve:`2021-25290`
In ``TiffDecode.c``, there is a negative-offset ``memcpy``
with an invalid size.
In ``TiffDecode.c``, there is a negative-offset ``memcpy`` with an invalid size.
Fix CVE-2021-25291
^^^^^^^^^^^^^^^^^^
``TiffDecode.c`` has invalid tile boundaries.
.. note:: More information about this vulnerability included in database record :cve:`2021-25291`
In ``TiffDecode.c``, invalid tile boundaries could lead to
an out-of-bounds read in ``TIFFReadRGBATile``.
In ``TiffDecode.c``, invalid tile boundaries could lead to an out-of-bounds read in ``TIFFReadRGBATile``.
Fix CVE-2021-25292
^^^^^^^^^^^^^^^^^^
The PDF parser has a catastrophic backtracking regex.
.. note:: More information about this vulnerability included in database record :cve:`2021-25292`:
The PDF parser has a catastrophic backtracking regex
that could be used as a DOS attack.
The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
Fix CVE-2021-25293
^^^^^^^^^^^^^^^^^^
There is an out-of-bounds read in ``SgiRleDecode.c`` since Pillow 4.3.0.
.. note:: More information about this vulnerability included in database record :cve:`2021-25293`
There is an out-of-bounds read in ``SgiRleDecode.c`` since Pillow 4.3.0.
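Review bot: the note for CVE-2021-25292 ends with a stray colon after the role, ":cve:`2021-25292`:", which none of the other notes in this hunk have and which will render as a literal colon after the link. Remove it so the line matches the CVE-2021-25290, -25291 and -25293 notes.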
Other Changes
=============


@ -7,38 +7,27 @@ Security
Fix CVE-2021-27921
^^^^^^^^^^^^^^^^^^
There is an exhaustion of memory DOS in BLP images.
.. note:: More information about this vulnerability included in database record :cve:`2021-27921`
There is an exhaustion of memory DOS in BLP
images where Pillow did not properly check the reported size of the
contained image. These images could cause arbitrarily large memory
There is an exhaustion of memory DOS in BLP images. where Pillow did not properly check the
reported size of the contained image. These images could cause arbitrarily large memory
allocations.
Fix CVE-2021-27922
^^^^^^^^^^^^^^^^^^
There is an exhaustion of memory DOS in ICNS images.
.. note:: More information about this vulnerability included in database record :cve:`2021-27921`
There is an exhaustion of memory DOS in the ICNS
images where Pillow did not properly check the reported size of the
contained image. These images could cause arbitrarily large memory
allocations.
There is an exhaustion of memory DOS in ICNS images where Pillow did not properly check the
reported size of the contained image. These images could cause arbitrarily large memory allocations.
Fix CVE-2021-27923
^^^^^^^^^^^^^^^^^^
There is an exhaustion of memory DOS in ICO images.
.. note:: More information about this vulnerability included in database record :cve:`2021-27923`
There is an exhaustion of memory DOS in ICO
images where Pillow did not properly check the reported size of the
contained image. These images could cause arbitrarily large memory
allocations.
There is an exhaustion of memory DOS in ICO images where Pillow did not properly check the reported
size of the contained image. These images could cause arbitrarily large memory allocations.
These were reported by Jiayi Lin, Luke Shaffer, Xinran Xie and
Akshay Ajayan of `Arizona State University <https://www.asu.edu/>`_.
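Review bot: the note under "Fix CVE-2021-27922" links to the wrong record: it reads ":cve:`2021-27921`", which is the BLP entry above, while the ICNS section it sits in is CVE-2021-27922. Change it to ":cve:`2021-27922`" so the generated link points at the correct advisory. Separately, the reflowed BLP sentence "There is an exhaustion of memory DOS in BLP images. where Pillow did not properly check the" has a period in the middle of the sentence; it should be "in BLP images where Pillow did not properly check the", as the ICNS and ICO sentences below are written.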


@ -9,11 +9,11 @@ These were all found with `OSS-Fuzz`_.
Fix CVE-2021-25287, CVE-2021-25288, CVE-2021-28675
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
OOB read in Jpeg2KDecode
.. note:: More information about these vulnerabilities included in database records
:cve:`2021-25287`, :cve:`2021-25288`, :cve:`2021-28675`
OOB read in Jpeg2KDecode
* For J2k images with multiple bands, it's legal to have different widths for each band,
e.g. 1 byte for ``L``, 4 bytes for ``A``.
* This dates to Pillow 2.4.0.


@ -10,10 +10,10 @@ Buffer overflow
Fix CVE-2021-34552
^^^^^^^^^^^^^^^^^^
Buffer overflow
.. note:: More information about this vulnerability included in database record :cve:`2021-34552`
Buffer overflow
PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert function to trigger
buffer overflow in Convert.c.


@ -7,10 +7,10 @@ Security
Fix CVE-2021-23437
^^^^^^^^^^^^^^^^^^
Avoid potential ReDoS (regular expression denial of service)
.. note:: More information about this vulnerability included in database record :cve:`2021-23437`
Avoid potential ReDoS (regular expression denial of service)
Avoid a potential ReDoS (regular expression denial of service) in :py:class:`~PIL.ImageColor`'s
:py:meth:`~PIL.ImageColor.getrgb` by raising :py:exc:`ValueError` if the color specifier is
too long. Present since Pillow 5.2.0.


@ -46,10 +46,10 @@ Google's `OSS-Fuzz`_ project for finding this issue.
Fix CVE-2022-22817
^^^^^^^^^^^^^^^^^^
Restrict builtins available to ImageMath.eval
.. note:: More information about this vulnerability included in database record :cve:`2022-22817`
Restrict builtins available to ImageMath.eval.
To limit :py:class:`PIL.ImageMath` to working with images, Pillow
will now restrict the builtins available to :py:meth:`PIL.ImageMath.eval`. This will
help prevent problems arising if users evaluate arbitrary expressions, such as


@ -9,10 +9,10 @@ This release addresses several security problems.
Fix CVE-2022-24303
^^^^^^^^^^^^^^^^^^
Temp image removal
.. note:: More information about this vulnerability included in database record :cve:`2022-24303`
Temp image removal.
If the path to the temporary directory on Linux or macOS
contained a space, this would break removal of the temporary image file after
``im.show()`` (and related actions), and potentially remove an unrelated file. This


@ -9,10 +9,10 @@ This release addresses several security problems.
Fix CVE-2022-30595
^^^^^^^^^^^^^^^^^^
Heap buffer overflow
.. note:: More information about this vulnerability included in database record :cve:`2022-30595`
Heap buffer overflow.
When reading a TGA file with RLE packets that cross scan lines,
Pillow reads the information past the end of the first line without deducting that
from the length of the remaining file data. This vulnerability was introduced in Pillow


@ -9,8 +9,8 @@ TODO
TODO
Fix CVE-YYYY-XXXXX -- TODO
^^^^^^^^^^^^^^^^^^^^^^^^^^
Fix CVE-YYYY-XXXXX
^^^^^^^^^^^^^^^^^^
.. note:: More information about this vulnerability included in database record :cve:`YYYY-XXXXX`