mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-12-25 17:36:18 +03:00
Fix based on 29a361d60ead196695523212dbb08a3ec4ca4b0d
This commit is contained in:
parent
92f088919f
commit
f61e184ab0
|
@ -31,7 +31,7 @@ Fix CVE-2023-50447
|
|||
.. note:: More information about this vulnerability included in database record :cve:`2023-50447`
|
||||
|
||||
ImageMath.eval: Restricted environment keys
|
||||
+++++++++++++++++++++++++++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
If an attacker has control over the keys passed to the
|
||||
``environment`` argument of :py:meth:`PIL.ImageMath.eval`, they may be able to execute
|
||||
|
|
|
@ -10,7 +10,7 @@ Fix CVE-2016-0740
|
|||
.. note:: More information about this vulnerability included in database record :cve:`2016-0740`
|
||||
|
||||
Buffer overflow in TiffDecode.c
|
||||
+++++++++++++++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Pillow 3.1.0 and earlier when linked against
|
||||
libtiff >= 4.0.0 on x64 may overflow a buffer when reading a
|
||||
|
@ -33,7 +33,7 @@ Fix CVE-2016-0775
|
|||
.. note:: More information about this vulnerability included in database record :cve:`2016-0775`
|
||||
|
||||
Buffer overflow in FliDecode.c
|
||||
++++++++++++++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
In all versions of Pillow, dating back at least to
|
||||
the last PIL 1.1.7 release, FliDecode.c has a buffer overflow error.
|
||||
|
@ -67,7 +67,7 @@ Fix CVE-2016-2533
|
|||
.. note:: More information about this vulnerability available in :cve:`2016-2533`
|
||||
|
||||
Buffer overflow in PcdDecode.c
|
||||
++++++++++++++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
In all versions of Pillow, dating back at least to the
|
||||
last PIL 1.1.7 release, ``PcdDecode.c`` has a buffer overflow error.
|
||||
|
|
|
@ -10,7 +10,7 @@ Fix CVE-2016-3076
|
|||
.. note:: More information about this vulnerability included in database record :cve:`2016-3076`
|
||||
|
||||
Buffer overflow in Jpeg2KEncode.c
|
||||
+++++++++++++++++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Pillow between 2.5.0 and 3.1.1 may overflow a buffer
|
||||
when writing large Jpeg2000 files, allowing for code execution or other
|
||||
|
|
|
@ -12,7 +12,7 @@ Fix CVE-2019-19911
|
|||
.. note:: More information about this vulnerability included in database record :cve:`2019-19911`
|
||||
|
||||
DOS attack vulnerability
|
||||
++++++++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
If an FPX image reports that it has a large number of bands, a large amount of
|
||||
resources will be used when trying to process the image. This is fixed by
|
||||
|
|
|
@ -10,7 +10,7 @@ Fix CVE-2020-15999
|
|||
.. note:: More information about this vulnerability included in database record :cve:`2020-15999`
|
||||
|
||||
Update FreeType in wheels to `2.10.4`_
|
||||
++++++++++++++++++++++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
* A heap buffer overflow has been found in the handling of embedded PNG bitmaps,
|
||||
introduced in FreeType version 2.6.
|
||||
|
|
|
@ -15,7 +15,7 @@ Fix CVE-2020-35653
|
|||
.. note:: More information about this vulnerability included in database record :cve:`2020-35653`
|
||||
|
||||
Buffer read overrun in PCX decoding
|
||||
+++++++++++++++++++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
The PCX image decoder used the reported image stride to calculate
|
||||
the row buffer, rather than calculating it from the image size. This issue dates back
|
||||
|
@ -27,7 +27,7 @@ Fix CVE-2020-35654
|
|||
.. note:: More information about this vulnerability included in database record :cve:`2020-35654`
|
||||
|
||||
TIFF out-of-bounds write error
|
||||
++++++++++++++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Out-of-bounds write in ``TiffDecode.c`` when reading corrupt YCbCr
|
||||
files in some LibTIFF versions (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04).
|
||||
|
@ -42,7 +42,7 @@ Fix CVE-2020-35655
|
|||
.. note:: More information about this vulnerability included in database record :cve:`2020-35655`
|
||||
|
||||
SGI Decode buffer overrun
|
||||
+++++++++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
4 byte read overflow in ``SgiRleDecode.c``, where the code was not correctly
|
||||
checking the offsets and length tables. Independently reported through `Tidelift`_ and Google's
|
||||
|
|
|
@ -13,7 +13,7 @@ Fix CVE-2021-25287, CVE-2021-25288, CVE-2021-28675
|
|||
:cve:`2021-25287`, :cve:`2021-25288`, :cve:`2021-28675`
|
||||
|
||||
OOB read in Jpeg2KDecode
|
||||
++++++++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
* For J2k images with multiple bands, it's legal to have different widths for each band,
|
||||
e.g. 1 byte for ``L``, 4 bytes for ``A``.
|
||||
|
|
|
@ -13,7 +13,7 @@ Fix CVE-2021-34552
|
|||
.. note:: More information about this vulnerability included in database record :cve:`2021-34552`
|
||||
|
||||
Buffer overflow
|
||||
+++++++++++++++
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert function to trigger
|
||||
buffer overflow in Convert.c.
|
||||
|
|
|
@ -10,7 +10,7 @@ Fix CVE-2021-23437
|
|||
.. note:: More information about this vulnerability included in database record :cve:`2021-23437`
|
||||
|
||||
Avoid potential ReDoS (regular expression denial of service)
|
||||
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Avoid a potential ReDoS (regular expression denial of service) in :py:class:`~PIL.ImageColor`'s
|
||||
:py:meth:`~PIL.ImageColor.getrgb` by raising :py:exc:`ValueError` if the color specifier is
|
||||
|
|
|
@ -49,7 +49,7 @@ Fix CVE-2022-22817
|
|||
.. note:: More information about this vulnerability included in database record :cve:`2022-22817`
|
||||
|
||||
Restrict builtins available to ImageMath.eval
|
||||
+++++++++++++++++++++++++++++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
To limit :py:class:`PIL.ImageMath` to working with images, Pillow
|
||||
will now restrict the builtins available to :py:meth:`PIL.ImageMath.eval`. This will
|
||||
|
|
|
@ -12,7 +12,7 @@ Fix CVE-2022-24303
|
|||
.. note:: More information about this vulnerability included in database record :cve:`2022-24303`
|
||||
|
||||
Temp image removal
|
||||
++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~
|
||||
|
||||
If the path to the temporary directory on Linux or macOS
|
||||
contained a space, this would break removal of the temporary image file after
|
||||
|
@ -25,7 +25,7 @@ Fix CVE-2022-24303
|
|||
.. note:: More information about this vulnerability included in database record :cve:`2022-22817`
|
||||
|
||||
Restrict lambda expressions
|
||||
+++++++++++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
While Pillow 9.0 restricted top-level builtins available to
|
||||
:py:meth:`PIL.ImageMath.eval`, it did not prevent builtins available to lambda
|
||||
|
|
|
@ -12,7 +12,7 @@ Fix CVE-2022-30595
|
|||
.. note:: More information about this vulnerability included in database record :cve:`2022-30595`
|
||||
|
||||
Heap buffer overflow
|
||||
++++++++++++++++++++
|
||||
~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
When reading a TGA file with RLE packets that cross scan lines,
|
||||
Pillow reads the information past the end of the first line without deducting that
|
||||
|
|
Loading…
Reference in New Issue
Block a user