python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-01-27 01:34:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5306 from radarhere/releasenotes

Browse Source 
Added more CVE numbers to 8.1.1 release notes
This commit is contained in:
Hugo van Kemenade 2021-03-04 13:23:09 +02:00 committed by GitHub
commit b511d704ae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/releasenotes/8.1.1.rst
View File

@ -20,11 +20,11 @@ that could be used as a DOS attack.
:cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``,
since Pillow 4.3.0.
There is an exhaustion of memory DOS in the ICNS, ICO, and BLP
container formats where Pillow did not properly check the reported
size of the contained image. These images could cause arbitrarily
large memory allocations. This was reported by Jiayi Lin, Luke
Shaffer, Xinran Xie, and Akshay Ajayan of
There is an exhaustion of memory DOS in the BLP (:cve:`CVE-2021-27921`),
ICNS (:cve:`CVE-2021-27922`) and ICO (:cve:`CVE-2021-27923`) container formats
where Pillow did not properly check the reported size of the contained image.
These images could cause arbitrarily large memory allocations. This was reported
by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of
`Arizona State University <https://www.asu.edu/>`_.