python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-01-13 02:36:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

Link to TideLift [ci skip]

Browse Source
This commit is contained in:
Andrew Murray 2021-01-02 22:07:03 +11:00
parent d88fdcda06
commit 2711549503
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/releasenotes/8.1.0.rst
View File

@ -52,13 +52,15 @@ OOB Write in TiffDecode.c when reading corrupt YCbCr files in some LibTIFF versi
(4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). In some cases LibTIFF's (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). In some cases LibTIFF's
interpretation of the file is different when reading in RGBA mode, leading to an Out of interpretation of the file is different when reading in RGBA mode, leading to an Out of
bounds write in TiffDecode.c. This potentially affects Pillow versions from 6.0.0 to bounds write in TiffDecode.c. This potentially affects Pillow versions from 6.0.0 to
8.0.1, depending on the version of LibTIFF. This was reported through Tidelift. 8.0.1, depending on the version of LibTIFF. This was reported through `Tidelift`_.
* :cve:`CVE-2020-35655` Fix for SGI Decode buffer overrun * :cve:`CVE-2020-35655` Fix for SGI Decode buffer overrun
4 byte read overflow in SGIRleDecode.c, where the code was not correctly checking the 4 byte read overflow in SGIRleDecode.c, where the code was not correctly checking the
offsets and length tables. Independently reported through Tidelift and Google's OSS-Fuzz. offsets and length tables. Independently reported through `Tidelift`_ and Google's
This vulnerability covers Pillow versions 4.3.0->8.0.1. OSS-Fuzz. This vulnerability covers Pillow versions 4.3.0->8.0.1.
.. _Tidelift: https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pillow&utm_medium=referral&utm_campaign=docs
Dependencies Dependencies
^^^^^^^^^^^^ ^^^^^^^^^^^^