8.1.1 ----- Security ======== :cve:`2021-25289`: Fix the fix for :cve:`2020-35654` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The previous fix for :cve:`2020-35654` was insufficient due to incorrect error checking in ``TiffDecode.c``. :cve:`2021-25290`: Fix buffer overflow in ``TiffDecode.c`` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ In ``TiffDecode.c``, there is a negative-offset ``memcpy`` with an invalid size. :cve:`2021-25291`: Fix buffer overflow in ``TIFFReadRGBATile`` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ In ``TiffDecode.c``, invalid tile boundaries could lead to an out-of-bounds read in ``TIFFReadRGBATile``. :cve:`2021-25292`: Fix DOS attack ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack. :cve:`2021-25293`: Fix buffer overflow in ``SgiRleDecode.c`` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ There is an out-of-bounds read in ``SgiRleDecode.c`` since Pillow 4.3.0. Other Changes ============= A crash with the feature flags for libimagequant, libjpeg-turbo, WebP and XCB on unreleased Python 3.10 has been fixed (:issue:`5193`).