mirror of
https://github.com/python-pillow/Pillow.git
synced 2025-07-01 10:23:34 +03:00
commit
470e48be4f
|
@ -5,6 +5,15 @@ Changelog (Pillow)
|
||||||
8.1.0 (unreleased)
|
8.1.0 (unreleased)
|
||||||
------------------
|
------------------
|
||||||
|
|
||||||
|
- Fix TIFF OOB Write error. CVE-2020-35654 #5175
|
||||||
|
[wiredfool]
|
||||||
|
|
||||||
|
- Fix for Read Overflow in PCX Decoding. CVE-2020-35653 #5174
|
||||||
|
[wiredfool, radarhere]
|
||||||
|
|
||||||
|
- Fix for SGI Decode buffer overrun. CVE-2020-35655 #5173
|
||||||
|
[wiredfool, radarhere]
|
||||||
|
|
||||||
- Fix OOB Read when saving GIF of xsize=1 #5149
|
- Fix OOB Read when saving GIF of xsize=1 #5149
|
||||||
[wiredfool]
|
[wiredfool]
|
||||||
|
|
||||||
|
|
|
@ -20,14 +20,6 @@ Makefile
|
||||||
|
|
||||||
The 'install-venv' target has been deprecated.
|
The 'install-venv' target has been deprecated.
|
||||||
|
|
||||||
API Changes
|
|
||||||
===========
|
|
||||||
|
|
||||||
TODO
|
|
||||||
^^^^
|
|
||||||
|
|
||||||
TODO
|
|
||||||
|
|
||||||
API Additions
|
API Additions
|
||||||
=============
|
=============
|
||||||
|
|
||||||
|
@ -44,8 +36,32 @@ already exists for the ICNS format.
|
||||||
Security
|
Security
|
||||||
========
|
========
|
||||||
|
|
||||||
An out-of-bounds read when saving TIFFs with custom metadata through libtiff has been
|
This release includes security fixes.
|
||||||
fixed, as well as when saving a GIF of 1px width.
|
|
||||||
|
* An out-of-bounds read when saving TIFFs with custom metadata through LibTIFF
|
||||||
|
* An out-of-bounds read when saving a GIF of 1px width
|
||||||
|
* :cve:`CVE-2020-35653` Buffer read overrun in PCX decoding
|
||||||
|
|
||||||
|
The PCX image decoder used the reported image stride to calculate the row buffer,
|
||||||
|
rather than calculating it from the image size. This issue dates back to the PIL fork.
|
||||||
|
Thanks to Google's `OSS-Fuzz`_ project for finding this.
|
||||||
|
|
||||||
|
* :cve:`CVE-2020-35654` Fix TIFF OOB Write error
|
||||||
|
|
||||||
|
OOB Write in TiffDecode.c when reading corrupt YCbCr files in some LibTIFF versions
|
||||||
|
(4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). In some cases LibTIFF's
|
||||||
|
interpretation of the file is different when reading in RGBA mode, leading to an Out of
|
||||||
|
bounds write in TiffDecode.c. This potentially affects Pillow versions from 6.0.0 to
|
||||||
|
8.0.1, depending on the version of LibTIFF. This was reported through `Tidelift`_.
|
||||||
|
|
||||||
|
* :cve:`CVE-2020-35655` Fix for SGI Decode buffer overrun
|
||||||
|
|
||||||
|
4 byte read overflow in SGIRleDecode.c, where the code was not correctly checking the
|
||||||
|
offsets and length tables. Independently reported through `Tidelift`_ and Google's
|
||||||
|
`OSS-Fuzz`_. This vulnerability covers Pillow versions 4.3.0->8.0.1.
|
||||||
|
|
||||||
|
.. _Tidelift: https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pillow&utm_medium=referral&utm_campaign=docs
|
||||||
|
.. _OSS-Fuzz: https://github.com/google/oss-fuzz
|
||||||
|
|
||||||
Dependencies
|
Dependencies
|
||||||
^^^^^^^^^^^^
|
^^^^^^^^^^^^
|
||||||
|
|
Loading…
Reference in New Issue
Block a user