From 8fb5e5035b9f5a1b5008a91e355e507bef8563ee Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Thu, 4 Mar 2021 17:33:47 +1100 Subject: [PATCH] Added more CVE numbers [ci skip] --- docs/releasenotes/8.1.1.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/releasenotes/8.1.1.rst b/docs/releasenotes/8.1.1.rst index f5c2ed90c..90a786ec4 100644 --- a/docs/releasenotes/8.1.1.rst +++ b/docs/releasenotes/8.1.1.rst @@ -20,11 +20,11 @@ that could be used as a DOS attack. :cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``, since Pillow 4.3.0. -There is an exhaustion of memory DOS in the ICNS, ICO, and BLP -container formats where Pillow did not properly check the reported -size of the contained image. These images could cause arbitrarily -large memory allocations. This was reported by Jiayi Lin, Luke -Shaffer, Xinran Xie, and Akshay Ajayan of +There is an exhaustion of memory DOS in the BLP (:cve:`CVE-2021-27921`), +ICNS (:cve:`CVE-2021-27922`) and ICO (:cve:`CVE-2021-27923`) container formats +where Pillow did not properly check the reported size of the contained image. +These images could cause arbitrarily large memory allocations. This was reported +by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of `Arizona State University `_.
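Review bot: in the rewritten paragraph of docs/releasenotes/8.1.1.rst the three new identifiers sit in parentheses mid-sentence, while the entry directly above it leads with the role (":cve:`CVE-2021-25293`: There is an out-of-bounds read in ...") and names the first affected release ("since Pillow 4.3.0"). Consider opening the paragraph with the three :cve: roles, or splitting it into one entry per container format, so that CVE-2021-27921 (BLP), CVE-2021-27922 (ICNS) and CVE-2021-27923 (ICO) appear in the same position as the other entries in this file. The added text also gives no "since Pillow x.y.z" for any of the three formats; if the first affected versions are known, stating them here would let readers decide whether their pinned version is exposed to the memory-exhaustion DOS.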