Merge pull request #12 from ActiveState/BE-141-cve-2020-10379

BE-141-CVE-2020-10379

CHANGES.rst

@@ -28,6 +28,9 @@ since Pillow 4.3.0.
 - Fix for CVE-2021-23437
   [rickprice]
 
+- Fix for CVE-2020-10379
+  [rickprice]
+
 6.2.2.3 (2023-02-23)
 ------------------
 

Tests/check_tiff_crashes.py

@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+
+# Reproductions/tests for crashes/read errors in TiffDecode.c
+
+# When run in python, all of these images should fail for
+# one reason or another, either as a buffer overrun,
+# unrecognized datastream, or truncated image file.
+# There shouldn't be any segfaults.
+#
+# if run like
+# `valgrind --tool=memcheck python check_tiff_crashes.py  2>&1 | grep TiffDecode.c`
+# the output should be empty. There may be python issues
+# in the valgrind especially if run in a debug python
+# version.
+
+
+from PIL import Image
+
+repro_read_strip = (
+    "images/crash_1.tif",
+    "images/crash_2.tif",
+)
+
+for path in repro_read_strip:
+    with Image.open(path) as im:
+        try:
+            im.load()
+        except Exception as msg:
+            print(msg)

docs/releasenotes/6.2.2.4.rst

@@ -20,3 +20,5 @@ since Pillow 4.3.0.
 :cve: `CVE-2021-25290` : Fix negative size read in TiffDecode.c
 
 :cve: `CVE-2021-23437` : Raise ValueError if color specifier is too long
+
+:cve: `CVE-2020-10379` : In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.