Added more CVE numbers [ci skip]

Andrew Murray 2021-03-04 17:33:47 +11:00
parent a10d2c950a
commit 8fb5e5035b


@ -20,11 +20,11 @@ that could be used as a DOS attack.
:cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``, :cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``,
since Pillow 4.3.0. since Pillow 4.3.0.
There is an exhaustion of memory DOS in the ICNS, ICO, and BLP There is an exhaustion of memory DOS in the BLP (:cve:`CVE-2021-27921`),
container formats where Pillow did not properly check the reported ICNS (:cve:`CVE-2021-27922`) and ICO (:cve:`CVE-2021-27923`) container formats
size of the contained image. These images could cause arbitrarily where Pillow did not properly check the reported size of the contained image.
large memory allocations. This was reported by Jiayi Lin, Luke These images could cause arbitrarily large memory allocations. This was reported
Shaffer, Xinran Xie, and Akshay Ajayan of by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of
`Arizona State University <https://www.asu.edu/>`_. `Arizona State University <https://www.asu.edu/>`_.
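Review bot: The rewritten memory-exhaustion paragraph carries the three new identifiers in parentheses mid-sentence (BLP, ICNS and ICO each followed by a :cve: role), while the entry directly above it leads with the role, as in ":cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``". Consider one entry per CVE in that leading form so each identifier is easy to find and link from an advisory. The SgiRleDecode entry also states an affected range ("since Pillow 4.3.0"), and the new paragraph gives none for the BLP, ICNS or ICO issues; adding it would let readers tell whether their installed version is exposed. As a minor style point, "DOS" in this paragraph would read better as "DoS".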