python-pillow/Pillow
1
1
Fork 0
mirror of https://github.com/python-pillow/Pillow.git synced 2025-07-04 11:53:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added heading

Browse Source
This commit is contained in:
Andrew Murray 2024-03-17 18:30:56 +11:00
parent 9cf0ece464
commit fe06d419fc
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/releasenotes/9.1.1.rst
View File

@ -14,6 +14,9 @@ Pillow reads the information past the end of the first line without deducting th
from the length of the remaining file data. This vulnerability was introduced in Pillow from the length of the remaining file data. This vulnerability was introduced in Pillow
9.1.0, and can cause a heap buffer overflow. 9.1.0, and can cause a heap buffer overflow.
Decompression bomb check fix
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Opening an image with a zero or negative height has been found to bypass a Opening an image with a zero or negative height has been found to bypass a
decompression bomb check. This will now raise a :py:exc:`SyntaxError` instead, in turn decompression bomb check. This will now raise a :py:exc:`SyntaxError` instead, in turn
raising a ``PIL.UnidentifiedImageError``. raising a ``PIL.UnidentifiedImageError``.