Pillow

python-pillow/Pillow

Fork 0

mirror of https://github.com/python-pillow/Pillow.git synced 2024-11-11 20:27:06 +03:00

Commit Graph

Author	SHA1	Message	Date
Eric Soroos	5a5e6db0ab	Fix EPS DOS on _open -- CVE-2021-28677 * The readline used in EPS has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. * A malicious EPS file could use this to perform a DOS of Pillow in the open phase, before an image was accepted for opening. * This dates to the PIL Fork	2021-04-01 17:17:18 +03:00

Author

SHA1

Message

Date

Eric Soroos

5a5e6db0ab

Fix EPS DOS on _open -- CVE-2021-28677

* The readline used in EPS has to deal with any combination of \r and
  \n as line endings. It used an accidentally quadratic method of
  accumulating lines while looking for a line ending.
* A malicious EPS file could use this to perform a DOS of Pillow in
  the open phase, before an image was accepted for opening.
* This dates to the PIL Fork

2021-04-01 17:17:18 +03:00

1 Commits