python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-01-12 18:26:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

[pre-commit.ci] auto fixes from pre-commit.com hooks

Browse Source 
for more information, see https://pre-commit.ci
This commit is contained in:
pre-commit-ci[bot] 2024-03-14 18:01:09 +00:00 committed by Alex Clark
parent c69dcc1c29
commit 3aefe92bdf
6 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/releasenotes/2.3.1.rst
View File

@ -14,4 +14,4 @@ The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in E
:cve:`2014-1933`: Fix insecure use of :py:func:`tempfile.mktemp`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.

2
docs/releasenotes/2.3.2.rst
View File

@ -9,4 +9,4 @@ Security
``PIL/IcnsImagePlugin.py`` in Python Imaging Library (PIL) and Pillow before 2.3.2 and
2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted
block size.
block size.

2
docs/releasenotes/2.5.2.rst
View File

@ -9,4 +9,4 @@ Security
``PIL/IcnsImagePlugin.py`` in Python Imaging Library (PIL) and Pillow before 2.3.2 and
2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted
block size.
block size.

2
docs/releasenotes/6.2.2.rst
View File

@ -4,7 +4,7 @@
Security
========
This release fixes several buffer overruns and DOS attacks.
This release fixes several buffer overruns and DOS attacks.
:cve:`2019-19911`: DOS attack vulnerability
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

6
docs/releasenotes/7.1.0.rst
View File

@ -14,7 +14,7 @@ Pillow before 7.1.0 has multiple out-of-bounds reads in ``libImaging/FliDecode.c
:cve:`2020-10378`: Bounds overflow in PCX decoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In ``libImaging/PcxDecode.c`` in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
In ``libImaging/PcxDecode.c`` in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
:cve:`2020-10379`: Two buffer overflows in TIFF decoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@ -24,12 +24,12 @@ In Pillow before 7.1.0, there are two buffer overflows in ``libImaging/TiffDecod
:cve:`2020-10994`: Bounds overflow in JPEG 2000 decoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In ``libImaging/Jpeg2KDecode.c`` in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
In ``libImaging/Jpeg2KDecode.c`` in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
:cve:`2020-11538`: Buffer overflow in SGI-RLE decoding
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In ``libImaging/SgiRleDecode.c`` in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
In ``libImaging/SgiRleDecode.c`` in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
API Changes
===========

4
docs/releasenotes/8.1.2.rst
View File

@ -11,13 +11,13 @@ There is an exhaustion of memory DOS in BLP images. where Pillow did not properl
reported size of the contained image. These images could cause arbitrarily large memory
allocations.
:cve:`2021-27921`: There is an exhaustion of memory DOS in ICNS images
:cve:`2021-27921`: There is an exhaustion of memory DOS in ICNS images
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
There is an exhaustion of memory DOS in ICNS images where Pillow did not properly check the
reported size of the contained image. These images could cause arbitrarily large memory allocations.
:cve:`2021-27923`: There is an exhaustion of memory DOS in ICO images
:cve:`2021-27923`: There is an exhaustion of memory DOS in ICO images
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
There is an exhaustion of memory DOS in ICO images where Pillow did not properly check the reported