6.2.2
-----

Security
========

This release fixes several buffer overruns and DoS attacks reported in CVE-2019-19911, CVE-2020-5310, CVE-2020-5311, CVE-2020-5312 and CVE-2020-5313.

Fix CVE-2019-19911
^^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability is included in database record :cve:`2019-19911`

DoS attack vulnerability
++++++++++++++++++++++++

If an FPX image reports that it has a large number of bands, a large amount of resources will be used when trying to process the image. This is fixed by limiting the number of bands to those usable by Pillow.

Fix CVE-2020-5310
^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability is included in database record :cve:`2020-5310`

Overflow checks have been added when calculating the size of a memory block to be reallocated in the processing of a TIFF image.

Fix CVE-2020-5311
^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability is included in database record :cve:`2020-5311`

Buffer overruns were found when processing an SGI image. Checks have been added to prevent this.

Fix CVE-2020-5312
^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability is included in database record :cve:`2020-5312`

Buffer overruns were found when processing an SGI PCX. Checks have been added to prevent this.

Fix CVE-2020-5313
^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability is included in database record :cve:`2020-5313`

Buffer overruns were found when processing an FLI image. Checks have been added to prevent this.
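
The kind of check described under the CVE-2020-5310 fix (validating a size calculation before reallocating) can be sketched as follows. This is an added example, not Pillow's own code: ``strip_buf``, ``checked_mul`` and ``strip_buf_reserve`` are hypothetical names, and the row count and row width stand in for values read from an untrusted image header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical decode buffer; not a Pillow structure. */
typedef struct {
    uint8_t *data;
    size_t size; /* bytes currently allocated */
} strip_buf;

/* Multiply a * b into *out; return 0 if the product would wrap size_t. */
static int checked_mul(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) {
        return 0;
    }
    *out = a * b;
    return 1;
}

/*
 * Grow buf to hold `rows` rows of `row_bytes` each, both assumed to come
 * from untrusted image headers. Returns 0 on success, -1 on overflow or
 * allocation failure; on failure buf is left unchanged.
 */
int strip_buf_reserve(strip_buf *buf, size_t rows, size_t row_bytes) {
    size_t needed;
    uint8_t *p;

    if (!checked_mul(rows, row_bytes, &needed)) {
        /* Unchecked, rows * row_bytes would wrap to a small size and the
         * decoder would later write past the end of the block. */
        return -1;
    }
    if (needed <= buf->size) {
        return 0; /* already large enough */
    }
    p = realloc(buf->data, needed);
    if (p == NULL) {
        return -1; /* the original block is still valid and owned by buf */
    }
    buf->data = p;
    buf->size = needed;
    return 0;
}
```

The overflow test runs before ``realloc`` is called, so a wrapped size never reaches the allocator and a rejected request leaves the existing buffer intact.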