python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-08-22 13:14:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

Moved CVE images into password-protected zip

Browse Source
This commit is contained in:
Andrew Murray 2020-08-15 21:43:49 +10:00
parent 8deaebd5e0
commit 4354fa5402
4 changed files with 18 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Tests/check_tiff_crashes.py
View File

@ -14,15 +14,25 @@
# version.
import io
import zipfile
from PIL import Image
# The vulnerabilities represented by these files have been addressed.
# However, antivirus software does not detect that this is a version of Pillow
# with those fixes, and so to prevent unnecessary alarm, the files are
# hidden inside a password-protected zip
repro_read_strip = (
"images/crash_1.tif",
"images/crash_2.tif",
"crash_1.tif",
"crash_2.tif",
)
with zipfile.ZipFile("images/crash.zip") as crashzip:
for path in repro_read_strip:
with Image.open(path) as im:
with crashzip.open(path, pwd=b"vulnerabilitiesaddressed") as f:
data = io.BytesIO(f.read())
with Image.open(data) as im:
try:
im.load()
except Exception as msg:

BIN
Tests/images/crash.zip Normal file
View File

Binary file not shown.

BIN
Tests/images/crash_1.tif
View File

Binary file not shown.

BIN
Tests/images/crash_2.tif
View File

Binary file not shown.