Merge CVE changes

Put a comma back in
Eric Soroos 2021-01-08 18:45:42 +01:00 committed by Frederick Price
parent 50ba069cc6
commit 5515707532
8 changed files with 6 additions and 1 deletions

@ -12,7 +12,10 @@ Changelog (Pillow)
since Pillow 4.3.0.
[rickprice]
- Fix CVE-2021-2791
- Fix CVE-2021-27291
[rickprice]
- Fix CVE-2021-25290
[rickprice]
- Fix CVE-2021-25291
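Review bot: the adjacent entries "Fix CVE-2021-2791" and "Fix CVE-2021-27291" differ by a single digit and read like one identifier written twice. Only one should remain, and it should be the same identifier the `:cve:` release-note entry uses for that issue, so check it against the published CVE record before merging. Each entry here also says only "Fix CVE-..."; a short phrase naming the affected code (the release notes mention TiffDecode.c and the BLP container) would let a reader triage from the changelog without a lookup.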

@ -11,4 +11,6 @@ since Pillow 4.3.0.
:cve: `CVE-2021-25291`: An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
:cve: `CVE-2021-2791` : Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
:cve: `CVE-2021-25290` : Fix negative size read in TiffDecode.c
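Review bot: the BLP entry is labelled CVE-2021-2791, while the changelog in this same commit also lists CVE-2021-27291; the two files need to agree, so verify the identifier against the CVE record and use it in both places. The last two entries put a space before the colon after the identifier where the first entry does not, which is worth normalising in case the `:cve:` markup is sensitive to it. The CVE-2021-25290 text ("Fix negative size read in TiffDecode.c") is a commit-style imperative with no affected-version statement, unlike the two entries above it; rewording it as a description of the issue and the versions affected would keep the list consistent.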