Fix based on 29a361d60ead196695523212dbb08a3ec4ca4b0d

This commit is contained in:
Alex Clark 2024-03-13 15:50:58 -04:00
parent 92f088919f
commit f61e184ab0
12 changed files with 17 additions and 17 deletions

@ -31,7 +31,7 @@ Fix CVE-2023-50447
.. note:: More information about this vulnerability included in database record :cve:`2023-50447` .. note:: More information about this vulnerability included in database record :cve:`2023-50447`
ImageMath.eval: Restricted environment keys ImageMath.eval: Restricted environment keys
+++++++++++++++++++++++++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If an attacker has control over the keys passed to the If an attacker has control over the keys passed to the
``environment`` argument of :py:meth:`PIL.ImageMath.eval`, they may be able to execute ``environment`` argument of :py:meth:`PIL.ImageMath.eval`, they may be able to execute
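Review bot: the switch from ``+`` to ``~`` only keeps "ImageMath.eval: Restricted environment keys" at its current level if every other heading at that level in this file uses ``~`` as well; docutils assigns section levels by the order in which adornment styles first appear in a document, so a ``+``-underlined heading left elsewhere in the file would either register as a separate level or fail with "Title level inconsistent". Please confirm the Sphinx build runs clean with warnings treated as errors across all 12 touched files.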

@ -10,7 +10,7 @@ Fix CVE-2016-0740
.. note:: More information about this vulnerability included in database record :cve:`2016-0740` .. note:: More information about this vulnerability included in database record :cve:`2016-0740`
Buffer overflow in TiffDecode.c Buffer overflow in TiffDecode.c
+++++++++++++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pillow 3.1.0 and earlier when linked against Pillow 3.1.0 and earlier when linked against
libtiff >= 4.0.0 on x64 may overflow a buffer when reading a libtiff >= 4.0.0 on x64 may overflow a buffer when reading a
@ -33,7 +33,7 @@ Fix CVE-2016-0775
.. note:: More information about this vulnerability included in database record :cve:`2016-0775` .. note:: More information about this vulnerability included in database record :cve:`2016-0775`
Buffer overflow in FliDecode.c Buffer overflow in FliDecode.c
++++++++++++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all versions of Pillow, dating back at least to In all versions of Pillow, dating back at least to
the last PIL 1.1.7 release, FliDecode.c has a buffer overflow error. the last PIL 1.1.7 release, FliDecode.c has a buffer overflow error.
@ -67,7 +67,7 @@ Fix CVE-2016-2533
.. note:: More information about this vulnerability available in :cve:`2016-2533` .. note:: More information about this vulnerability available in :cve:`2016-2533`
Buffer overflow in PcdDecode.c Buffer overflow in PcdDecode.c
++++++++++++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all versions of Pillow, dating back at least to the In all versions of Pillow, dating back at least to the
last PIL 1.1.7 release, ``PcdDecode.c`` has a buffer overflow error. last PIL 1.1.7 release, ``PcdDecode.c`` has a buffer overflow error.
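Review bot: the three ``+`` headings in this file (TiffDecode.c, FliDecode.c, PcdDecode.c) all move to ``~`` together, so the level ordering stays consistent within the document. Unrelated to the change but visible in the context: the note for :cve:`2016-2533` reads "available in" while every other page in this commit uses "included in database record"; consider aligning the wording in a follow-up.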

@ -10,7 +10,7 @@ Fix CVE-2016-3076
.. note:: More information about this vulnerability included in database record :cve:`2016-3076` .. note:: More information about this vulnerability included in database record :cve:`2016-3076`
Buffer overflow in Jpeg2KEncode.c Buffer overflow in Jpeg2KEncode.c
+++++++++++++++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pillow between 2.5.0 and 3.1.1 may overflow a buffer Pillow between 2.5.0 and 3.1.1 may overflow a buffer
when writing large Jpeg2000 files, allowing for code execution or other when writing large Jpeg2000 files, allowing for code execution or other

@ -12,7 +12,7 @@ Fix CVE-2019-19911
.. note:: More information about this vulnerability included in database record :cve:`2019-19911` .. note:: More information about this vulnerability included in database record :cve:`2019-19911`
DOS attack vulnerability DOS attack vulnerability
++++++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~
If an FPX image reports that it has a large number of bands, a large amount of If an FPX image reports that it has a large number of bands, a large amount of
resources will be used when trying to process the image. This is fixed by resources will be used when trying to process the image. This is fixed by
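Review bot: nit on the context line rather than on the change: the heading "DOS attack vulnerability" reads like the operating system; "DoS attack vulnerability" is the conventional capitalisation and would match the ReDoS heading elsewhere in this commit. Out of scope for a heading-adornment change, but worth a follow-up.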

@ -10,7 +10,7 @@ Fix CVE-2020-15999
.. note:: More information about this vulnerability included in database record :cve:`2020-15999` .. note:: More information about this vulnerability included in database record :cve:`2020-15999`
Update FreeType in wheels to `2.10.4`_ Update FreeType in wheels to `2.10.4`_
++++++++++++++++++++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* A heap buffer overflow has been found in the handling of embedded PNG bitmaps, * A heap buffer overflow has been found in the handling of embedded PNG bitmaps,
introduced in FreeType version 2.6. introduced in FreeType version 2.6.
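Review bot: this title embeds a hyperlink reference (`2.10.4`_), so the underline has to cover the raw source including the backticks and trailing underscore, not just the rendered text; the new ``~`` line is the same length as the ``+`` line it replaces, so it still does. Keep that in mind if the FreeType version in the title is ever bumped, since the underline would have to grow with it.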

@ -15,7 +15,7 @@ Fix CVE-2020-35653
.. note:: More information about this vulnerability included in database record :cve:`2020-35653` .. note:: More information about this vulnerability included in database record :cve:`2020-35653`
Buffer read overrun in PCX decoding Buffer read overrun in PCX decoding
+++++++++++++++++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The PCX image decoder used the reported image stride to calculate The PCX image decoder used the reported image stride to calculate
the row buffer, rather than calculating it from the image size. This issue dates back the row buffer, rather than calculating it from the image size. This issue dates back
@ -27,7 +27,7 @@ Fix CVE-2020-35654
.. note:: More information about this vulnerability included in database record :cve:`2020-35654` .. note:: More information about this vulnerability included in database record :cve:`2020-35654`
TIFF out-of-bounds write error TIFF out-of-bounds write error
++++++++++++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Out-of-bounds write in ``TiffDecode.c`` when reading corrupt YCbCr Out-of-bounds write in ``TiffDecode.c`` when reading corrupt YCbCr
files in some LibTIFF versions (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). files in some LibTIFF versions (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04).
@ -42,7 +42,7 @@ Fix CVE-2020-35655
.. note:: More information about this vulnerability included in database record :cve:`2020-35655` .. note:: More information about this vulnerability included in database record :cve:`2020-35655`
SGI Decode buffer overrun SGI Decode buffer overrun
+++++++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~~
4 byte read overflow in ``SgiRleDecode.c``, where the code was not correctly 4 byte read overflow in ``SgiRleDecode.c``, where the code was not correctly
checking the offsets and length tables. Independently reported through `Tidelift`_ and Google's checking the offsets and length tables. Independently reported through `Tidelift`_ and Google's

@ -13,7 +13,7 @@ Fix CVE-2021-25287, CVE-2021-25288, CVE-2021-28675
:cve:`2021-25287`, :cve:`2021-25288`, :cve:`2021-28675` :cve:`2021-25287`, :cve:`2021-25288`, :cve:`2021-28675`
OOB read in Jpeg2KDecode OOB read in Jpeg2KDecode
++++++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~
* For J2k images with multiple bands, it's legal to have different widths for each band, * For J2k images with multiple bands, it's legal to have different widths for each band,
e.g. 1 byte for ``L``, 4 bytes for ``A``. e.g. 1 byte for ``L``, 4 bytes for ``A``.

@ -13,7 +13,7 @@ Fix CVE-2021-34552
.. note:: More information about this vulnerability included in database record :cve:`2021-34552` .. note:: More information about this vulnerability included in database record :cve:`2021-34552`
Buffer overflow Buffer overflow
+++++++++++++++ ~~~~~~~~~~~~~~~
PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert function to trigger PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert function to trigger
buffer overflow in Convert.c. buffer overflow in Convert.c.

@ -10,7 +10,7 @@ Fix CVE-2021-23437
.. note:: More information about this vulnerability included in database record :cve:`2021-23437` .. note:: More information about this vulnerability included in database record :cve:`2021-23437`
Avoid potential ReDoS (regular expression denial of service) Avoid potential ReDoS (regular expression denial of service)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Avoid a potential ReDoS (regular expression denial of service) in :py:class:`~PIL.ImageColor`'s Avoid a potential ReDoS (regular expression denial of service) in :py:class:`~PIL.ImageColor`'s
:py:meth:`~PIL.ImageColor.getrgb` by raising :py:exc:`ValueError` if the color specifier is :py:meth:`~PIL.ImageColor.getrgb` by raising :py:exc:`ValueError` if the color specifier is
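Review bot: the heading and the first body sentence both read "Avoid (a) potential ReDoS (regular expression denial of service)", so the parenthetical expansion is stated twice within three lines; shortening the heading to "Avoid potential ReDoS" (with its ``~`` underline trimmed to match) would remove the duplication. Style only, not caused by this hunk.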

@ -49,7 +49,7 @@ Fix CVE-2022-22817
.. note:: More information about this vulnerability included in database record :cve:`2022-22817` .. note:: More information about this vulnerability included in database record :cve:`2022-22817`
Restrict builtins available to ImageMath.eval Restrict builtins available to ImageMath.eval
+++++++++++++++++++++++++++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To limit :py:class:`PIL.ImageMath` to working with images, Pillow To limit :py:class:`PIL.ImageMath` to working with images, Pillow
will now restrict the builtins available to :py:meth:`PIL.ImageMath.eval`. This will will now restrict the builtins available to :py:meth:`PIL.ImageMath.eval`. This will

@ -12,7 +12,7 @@ Fix CVE-2022-24303
.. note:: More information about this vulnerability included in database record :cve:`2022-24303` .. note:: More information about this vulnerability included in database record :cve:`2022-24303`
Temp image removal Temp image removal
++++++++++++++++++ ~~~~~~~~~~~~~~~~~~
If the path to the temporary directory on Linux or macOS If the path to the temporary directory on Linux or macOS
contained a space, this would break removal of the temporary image file after contained a space, this would break removal of the temporary image file after
@ -25,7 +25,7 @@ Fix CVE-2022-24303
.. note:: More information about this vulnerability included in database record :cve:`2022-22817` .. note:: More information about this vulnerability included in database record :cve:`2022-22817`
Restrict lambda expressions Restrict lambda expressions
+++++++++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
While Pillow 9.0 restricted top-level builtins available to While Pillow 9.0 restricted top-level builtins available to
:py:meth:`PIL.ImageMath.eval`, it did not prevent builtins available to lambda :py:meth:`PIL.ImageMath.eval`, it did not prevent builtins available to lambda
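Review bot: the ``.. note::`` above "Restrict lambda expressions" cites :cve:`2022-22817` while the hunk header is labelled Fix CVE-2022-24303. The label is only git's nearest preceding heading, and the section text says it extends the Pillow 9.0 builtins restriction (the :cve:`2022-22817` fix), so the reference looks intentional rather than a copy-paste from the "Temp image removal" section above; flagging it only so it is confirmed, no change needed otherwise.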

@ -12,7 +12,7 @@ Fix CVE-2022-30595
.. note:: More information about this vulnerability included in database record :cve:`2022-30595` .. note:: More information about this vulnerability included in database record :cve:`2022-30595`
Heap buffer overflow Heap buffer overflow
++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~
When reading a TGA file with RLE packets that cross scan lines, When reading a TGA file with RLE packets that cross scan lines,
Pillow reads the information past the end of the first line without deducting that Pillow reads the information past the end of the first line without deducting that