python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-01-12 18:26:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

Link to OSS-Fuzz [ci skip]

Browse Source
This commit is contained in:
Andrew Murray 2021-01-02 22:09:07 +11:00
parent 2711549503
commit cd316feead
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/releasenotes/8.1.0.rst
View File

@ -44,7 +44,7 @@ This release includes security fixes.
The PCX image decoder used the reported image stride to calculate the row buffer, The PCX image decoder used the reported image stride to calculate the row buffer,
rather than calculating it from the image size. This issue dates back to the PIL fork. rather than calculating it from the image size. This issue dates back to the PIL fork.
Thanks to Google's OSS-Fuzz project for finding this. Thanks to Google's `OSS-Fuzz`_ project for finding this.
* :cve:`CVE-2020-35654` Fix TIFF OOB Write error * :cve:`CVE-2020-35654` Fix TIFF OOB Write error
@ -58,9 +58,10 @@ bounds write in TiffDecode.c. This potentially affects Pillow versions from 6.0.
4 byte read overflow in SGIRleDecode.c, where the code was not correctly checking the 4 byte read overflow in SGIRleDecode.c, where the code was not correctly checking the
offsets and length tables. Independently reported through `Tidelift`_ and Google's offsets and length tables. Independently reported through `Tidelift`_ and Google's
OSS-Fuzz. This vulnerability covers Pillow versions 4.3.0->8.0.1. `OSS-Fuzz`_. This vulnerability covers Pillow versions 4.3.0->8.0.1.
.. _Tidelift: https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pillow&utm_medium=referral&utm_campaign=docs .. _Tidelift: https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pillow&utm_medium=referral&utm_campaign=docs
.. _OSS-Fuzz: https://github.com/google/oss-fuzz
Dependencies Dependencies
^^^^^^^^^^^^ ^^^^^^^^^^^^