python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-06-30 18:03:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5306 from radarhere/releasenotes

Browse Source 
Added more CVE numbers to 8.1.1 release notes
This commit is contained in:
Hugo van Kemenade 2021-03-04 13:23:09 +02:00 committed by GitHub
commit b511d704ae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/releasenotes/8.1.1.rst
View File

@ -20,11 +20,11 @@ that could be used as a DOS attack.
:cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``, :cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``,
since Pillow 4.3.0. since Pillow 4.3.0.
There is an exhaustion of memory DOS in the ICNS, ICO, and BLP There is an exhaustion of memory DOS in the BLP (:cve:`CVE-2021-27921`),
container formats where Pillow did not properly check the reported ICNS (:cve:`CVE-2021-27922`) and ICO (:cve:`CVE-2021-27923`) container formats
size of the contained image. These images could cause arbitrarily where Pillow did not properly check the reported size of the contained image.
large memory allocations. This was reported by Jiayi Lin, Luke These images could cause arbitrarily large memory allocations. This was reported
Shaffer, Xinran Xie, and Akshay Ajayan of by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of
`Arizona State University <https://www.asu.edu/>`_. `Arizona State University <https://www.asu.edu/>`_.