Merge pull request #6850 from radarhere/releasenotes

Added release notes for #6842 and #6846
2024-12-26 01:46:18 +03:00 · 2023-01-01 22:03:09 +00:00 · 2023-01-01 22:03:09 +00:00 · 38a93a0571
commit 38a93a0571
parent 0efda9189e e908afea40
1 changed files with 14 additions and 27 deletions
--- a/docs/releasenotes/9.4.0.rst
+++ b/docs/releasenotes/9.4.0.rst
@ -1,30 +1,6 @@
 9.4.0
 -----

-Backwards Incompatible Changes
-==============================
-
-TODO
-^^^^
-
-TODO
-
-Deprecations
-============
-
-TODO
-^^^^
-
-TODO
-
-API Changes
-===========
-
-TODO
-^^^^
-
-TODO
-
 API Additions
 =============

@ -96,10 +72,21 @@ When saving a JPEG image, a comment can now be written from
 Security
 ========

-TODO
-^^^^
+Fix memory DOS in ImageFont
+^^^^^^^^^^^^^^^^^^^^^^^^^^^

-TODO
+A corrupt or specially crafted TTF font could have font metrics that lead to
+unreasonably large sizes when rendering text in font. ``ImageFont.py`` did not
+check the image size before allocating memory for it. This dates to the PIL
+fork. Pillow 8.2.0 added a check for large sizes, but did not consider the
+case where one dimension is zero.
+
+Null pointer dereference crash in ImageFont
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Pillow attempted to dereference a null pointer in ``ImageFont``, leading to a
+crash. An error is now raised instead. This has been present since
+Pillow 8.0.0.

 Other Changes
 =============