python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-11-04 09:57:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added more CVE numbers [ci skip]

Browse Source
This commit is contained in:
Andrew Murray 2021-03-04 17:33:47 +11:00
parent 4b73397bdf
commit b885af93cb
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/releasenotes/8.1.1.rst
View File

@ -20,11 +20,11 @@ that could be used as a DOS attack.
:cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``,
since Pillow 4.3.0.
There is an exhaustion of memory DOS in the ICNS, ICO, and BLP
container formats where Pillow did not properly check the reported
size of the contained image. These images could cause arbitrarily
large memory allocations. This was reported by Jiayi Lin, Luke
Shaffer, Xinran Xie, and Akshay Ajayan of
There is an exhaustion of memory DOS in the BLP (:cve:`CVE-2021-27921`),
ICNS (:cve:`CVE-2021-27922`) and ICO (:cve:`CVE-2021-27923`) container formats
where Pillow did not properly check the reported size of the contained image.
These images could cause arbitrarily large memory allocations. This was reported
by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of
`Arizona State University <https://www.asu.edu/>`_.