python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-08-22 13:14:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

Moved CVE images into password-protected zip

Browse Source
This commit is contained in:
Andrew Murray 2020-08-15 21:43:49 +10:00
parent 8deaebd5e0
commit 4354fa5402
4 changed files with 18 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Tests/check_tiff_crashes.py
View File

@ -14,16 +14,26 @@
# version. # version.
import io
import zipfile
from PIL import Image from PIL import Image
# The vulnerabilities represented by these files have been addressed.
# However, antivirus software does not detect that this is a version of Pillow
# with those fixes, and so to prevent unnecessary alarm, the files are
# hidden inside a password-protected zip
repro_read_strip = ( repro_read_strip = (
"images/crash_1.tif", "crash_1.tif",
"images/crash_2.tif", "crash_2.tif",
) )
for path in repro_read_strip: with zipfile.ZipFile("images/crash.zip") as crashzip:
with Image.open(path) as im: for path in repro_read_strip:
try: with crashzip.open(path, pwd=b"vulnerabilitiesaddressed") as f:
im.load() data = io.BytesIO(f.read())
except Exception as msg: with Image.open(data) as im:
print(msg) try:
im.load()
except Exception as msg:
print(msg)

BIN
Tests/images/crash.zip Normal file
View File

Binary file not shown.

BIN
Tests/images/crash_1.tif
View File

Binary file not shown.

BIN
Tests/images/crash_2.tif
View File

Binary file not shown.