python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-08-14 01:04:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

Make formatting more consistent.

Browse Source 
Remove inconsistent formatting.
This commit is contained in:
Marc Gutman 2023-04-24 10:55:06 -05:00 committed by GitHub
parent 1b07df1d1c
commit 53268adb21
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/releasenotes/6.2.2.5.rst
View File

@ -13,7 +13,6 @@ This release addresses several critical CVEs.
:cve:`CVE-2022-22815`: Fixed ImagePath.Path array handling :cve:`CVE-2022-22815`: Fixed ImagePath.Path array handling
:cve:`CVE-2021-28675`: Fix DOS in PsdImagePlugin :cve:`CVE-2021-28675`: Fix DOS in PsdImagePlugin
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* :py:class:`.PsdImagePlugin.PsdImageFile` did not sanity check the number of input * :py:class:`.PsdImagePlugin.PsdImageFile` did not sanity check the number of input
layers with regard to the size of the data block, this could lead to a layers with regard to the size of the data block, this could lead to a
@ -25,17 +24,8 @@ This release addresses several critical CVEs.
:cve:`CVE-2020-10994`: In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. :cve:`CVE-2020-10994`: In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
:cve:`CVE-2021-28676``: FliDecode did not properly check that the block advance was non-zero, :cve:`CVE-2021-28676``: FliDecode did not properly check that the block advance was non-zero, potentally leading to an infinite loop on load.
potentally leading to an infinite loop on load.
:cve:`CVE-2021-28677`: An issue was discovered in Pillow before 8.2.0. For EPS :cve:`CVE-2021-28677`: An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.
data, the readline implementation used in EPSImageFile
has to deal with any combination of \r and \n as line
endings. It used an accidentally quadratic method of
accumulating lines while looking for a line ending. A
malicious EPS file could use this to perform a DoS of
Pillow in the open phase, before an image was accepted
for opening.
:cve: `CVE-2022-45199`: Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
:cve:`CVE-2022-45199`: Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.