Hugo van Kemenade
6108596ff8
Merge pull request #5289 from radarhere/ipythonviewer
2021-03-07 14:26:50 +02:00
Hugo van Kemenade
3a27118d76
Merge pull request #5183 from radarhere/rectangle
...
Only draw each rectangle outline pixel once
2021-03-07 12:25:45 +02:00
Hugo van Kemenade
f15f573e51
Merge pull request #5224 from radarhere/mapper
2021-03-07 11:51:46 +02:00
Hugo van Kemenade
f9b830f058
Merge pull request #5214 from radarhere/pcx
...
Handle PCX images with an odd stride
2021-03-07 11:41:14 +02:00
Hugo van Kemenade
95986f38da
Merge pull request #5168 from radarhere/mpo
2021-03-07 11:38:36 +02:00
Eric Soroos
480f6819b5
Fix Memory DOS in Icns, Ico and Blp Image Plugins
...
Some container plugins that could contain images of other formats,
such as the ICNS format, did not properly check the reported size of
the contained image. These images could cause arbitrariliy large
memory allocations.
This is fixed for all locations where individual *ImageFile classes
are created without going through the usual Image.open method.
2021-03-06 10:19:14 +11:00
Andrew Murray
7b09463809
Added IPythonViewer docstring
2021-03-04 08:56:49 +11:00
Andrew Murray
f067fe4c05
Added import alias for clarity
2021-03-04 08:56:03 +11:00
Andrew Murray
346bfc9537
Added IPythonViewer
2021-03-04 08:55:24 +11:00
wiredfool
c477bed95f
Merge pull request #5280 from cgohlke/patch-1
...
Fix suspicious sequence of types castings
2021-03-01 20:19:26 +00:00
Hugo van Kemenade
3bce145966
Use more specific regex chars to prevent ReDoS
...
* CVE-2021-25292
2021-03-01 19:04:57 +11:00
Eric Soroos
cbdce6c5d0
Fix for CVE-2021-25291
...
* Invalid tile boundaries lead to OOB Read in TiffDecode.c, in TiffReadRGBATile
* Check the tile validity before attempting to read.
2021-03-01 19:04:48 +11:00
Eric Soroos
86f02f7c70
Fix negative size read in TiffDecode.c
...
* Caught by oss-fuzz runs
* CVE-2021-25290
2021-03-01 19:04:42 +11:00
Eric Soroos
4853e522bd
Fix OOB read in SgiRleDecode.c
...
* From Pillow 4.3.0->8.1.0
* CVE-2021-25293
2021-03-01 19:04:19 +11:00
Eric Soroos
3fee28eb94
Incorrect error code checking in TiffDecode.c
...
* since Pillow 8.1.0
* CVE-2021-25289
2021-03-01 18:51:13 +11:00
Andrew Murray
5f92636bd0
Removed comment
2021-02-27 00:33:23 +11:00
Christoph Gohlke
71f48e19b9
Use unsigned size_t
2021-02-24 08:15:25 -08:00
Christoph Gohlke
48ac517c8d
Fix suspicious sequence of types castings
2021-02-24 07:02:42 -08:00
Andrew Murray
c0ee869c2c
Only draw each rectangle outline pixel once
2021-02-22 07:48:58 +11:00
Andrew Murray
223b05a2ea
Corrected docstring
2021-02-16 22:33:17 +11:00
Andrew Murray
c8ca4b909a
Added braces
2021-02-13 11:32:52 +11:00
Andrew Murray
57d6e8ca43
Added PyQt6 support
2021-02-10 21:12:32 +11:00
Andrew Murray
441d75aa28
Updated docstring
2021-02-09 19:14:57 +11:00
Andrew Murray
bc0c0cb11a
Merge pull request #5250 from Piolie/open_formats_case
...
Changed Image.open formats parameter to be case-insensitive
2021-02-08 18:19:02 +11:00
Andrew Murray
587e073dac
Moved case transformation before initialization check
2021-02-05 20:28:34 +11:00
Piolie
0c1675a143
Make formats
parameter in Image.open
accept aNy cAsE
2021-02-04 22:47:53 -03:00
Hugo van Kemenade
54f12f8aad
Merge pull request #5216 from radarhere/tk
...
Deprecate Tk/Tcl 8.4, to be removed in Pillow 10 (2023-01-02)
2021-02-02 15:00:15 +02:00
Andrew Murray
c10bf8d9a7
Improved docstring [ci skip]
2021-01-31 13:14:14 +11:00
Andrew Murray
685e951182
Removed unused C code
2021-01-30 11:23:24 +11:00
Andrew Murray
f2f92d22d1
Do not use "use built-in mapper WIN32 only"
2021-01-30 11:23:24 +11:00
Andrew Murray
428a62c696
Merge pull request #5223 from Bitblade/master
...
Documentation error: Wrong threshold in conversion from L to 1
2021-01-27 17:51:10 +11:00
Andrew Murray
c9740ab7e3
Deprecate Tk/Tcl 8.4, to be removed in Pillow 10 (2023-01-02)
2021-01-26 18:14:28 +11:00
Andrew Murray
cf98f178ad
Added tk version
2021-01-26 08:01:26 +11:00
Mark Laagland
e6ff82b9ab
Small fix for convert documentation of Image.py
...
[ci skip]
2021-01-24 22:49:27 +01:00
Andrew Murray
ac31061f22
Handle PCX images with an odd stride
2021-01-21 19:29:11 +11:00
Andrew Murray
6f236284b0
Corrected CVE number
2021-01-20 20:43:00 +11:00
Andrew Murray
543fa2ceb7
Merge pull request #5194 from radarhere/python310
...
PyModule_AddObject fix for Python 3.10
2021-01-12 21:53:54 +11:00
Andrew Murray
4eccadced4
Document that getcolors() returns colors in the image mode [ci skip]
2021-01-09 21:30:16 +11:00
Andrew Murray
cf190a3c2f
PyModule_AddObject fix for Python 3.10
2021-01-09 12:17:57 +11:00
Andrew Murray
46b7e86bab
Format with ClangFormat
2021-01-03 14:17:51 +11:00
Andrew Murray
56e7d1fd9b
8.2.0.dev0 version bump
2021-01-03 07:14:59 +11:00
Andrew Murray
fcc42e0d34
8.1.0 version bump
2021-01-02 22:39:02 +11:00
Andrew Murray
c8dd1c8422
Merge pull request #5175 from radarhere/tiff
...
Fix TIFF OOB Write error
2021-01-02 21:13:28 +11:00
Andrew Murray
0117694533
Merge pull request #5174 from radarhere/pcx
...
Fix for Read Overflow in PCX Decoding
2021-01-02 21:00:25 +11:00
Eric Soroos
2f409261eb
Fix for CVE CVE-2020-35655 - Read Overflow in PCX Decoding.
...
* Don't trust the image to specify a buffer size
2021-01-02 20:38:46 +11:00
wiredfool
45a62e91b1
Rework ReadTile
...
* Don't malloc for the swap line, just shuffle backwards
* Ensure that im->pixelsize is sanity checked
* Ensure that we're using the right size for the buffer from TiffReadRGBATile
2021-01-02 20:37:48 +11:00
wiredfool
eb8c1206d6
Fix CVE-2020-35654 - OOB Write in TiffDecode.c
...
* In some circumstances with some versions of libtiff (4.1.0+), there
could be a 4 byte out of bound write when decoding a YCbCr tiff.
* The Pillow code dates to 6.0.0
* Found and reported through Tidelift
2021-01-02 20:37:48 +11:00
Eric Soroos
9a2c9f722f
Make the SGI code return -1 as an error flag, error in state
2021-01-02 20:10:02 +11:00
Eric Soroos
7e95c63fa7
Fix for SGI Decode buffer overrun CVE-2020-35655
...
* Independently found by a contributor and sent to Tidelift, and by Google's OSS Fuzz.
2021-01-02 20:09:58 +11:00
Hugo van Kemenade
07bbc46589
Merge pull request #5149 from wiredfool/gif_write_oob_read
2021-01-02 10:14:17 +02:00