8.1.1
-----

Security
========

:cve:`CVE-2021-25289`: The previous fix for :cve:`CVE-2020-35654` was insufficient
due to incorrect error checking in ``TiffDecode.c``.

:cve:`CVE-2021-25290`: In ``TiffDecode.c``, there is a negative-offset ``memcpy``
with an invalid size.

:cve:`CVE-2021-25291`: In ``TiffDecode.c``, invalid tile boundaries could lead to
an out-of-bounds read in ``TIFFReadRGBATile``.

:cve:`CVE-2021-25292`: The PDF parser has a catastrophic backtracking regex
that could be used as a DOS attack.

:cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``,
since Pillow 4.3.0.

There is an exhaustion of memory DOS in the BLP (:cve:`CVE-2021-27921`),
ICNS (:cve:`CVE-2021-27922`) and ICO (:cve:`CVE-2021-27923`) container formats
where Pillow did not properly check the reported size of the contained image.
These images could cause arbitrarily large memory allocations. This was reported
by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of Arizona State University.

Other Changes
=============

A crash with the feature flags for libimagequant, libjpeg-turbo, WebP and XCB on
unreleased Python 3.10 has been fixed (:issue:`5193`).
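
The BLP, ICNS and ICO entries in the Security section above share one root cause: a size reported by the contained image was trusted before memory was allocated. As an added illustration for the ICO case (not Pillow's code and not its actual fix), the following standard-library example reads the size declared by each embedded PNG or BMP header and rejects the file before any decode. The names ``check_ico``, ``contained_size``, ``make_ico`` and the ``MAX_PIXELS`` cap are assumptions made for this example.

```python
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
MAX_PIXELS = 256 * 256  # assumed cap: an ICO directory entry describes at most 256x256


def contained_size(blob):
    """Return the (width, height) declared by the embedded PNG or BMP (DIB) header."""
    if blob[:8] == PNG_MAGIC:
        if len(blob) < 24 or blob[12:16] != b"IHDR":
            raise ValueError("truncated PNG header")
        return struct.unpack(">II", blob[16:24])
    if len(blob) < 12:
        raise ValueError("truncated DIB header")
    _hdr_len, width, height = struct.unpack("<Iii", blob[:12])
    return abs(width), abs(height) // 2  # DIB height counts the XOR and AND masks


def check_ico(data, max_pixels=MAX_PIXELS):
    """Validate each directory entry before any decode; return the declared sizes."""
    if len(data) < 6:
        raise ValueError("truncated ICONDIR")
    reserved, kind, count = struct.unpack("<HHH", data[:6])
    if reserved != 0 or kind != 1:
        raise ValueError("not an ICO file")
    sizes = []
    for i in range(count):
        entry = data[6 + 16 * i : 22 + 16 * i]
        if len(entry) < 16:
            raise ValueError("directory runs past end of file")
        nbytes, offset = struct.unpack("<II", entry[8:16])
        if nbytes == 0 or offset + nbytes > len(data):
            raise ValueError(f"entry {i}: image data lies outside the file")
        w, h = contained_size(data[offset : offset + nbytes])
        if w == 0 or h == 0 or w * h > max_pixels:
            raise ValueError(f"entry {i}: declared size {w}x{h} rejected")
        sizes.append((w, h))
    return sizes


def make_ico(width, height):
    """Constructed sample: one-entry ICO whose embedded PNG header claims width x height."""
    ihdr = struct.pack(">I4sII", 13, b"IHDR", width, height) + b"\x08\x06\x00\x00\x00"
    png = PNG_MAGIC + ihdr
    entry = struct.pack("<BBBBHHII", 16, 16, 0, 0, 1, 32, len(png), 22)
    return struct.pack("<HHH", 0, 1, 1) + entry + png
```

A check like this belongs in front of the decoder for untrusted uploads; it complements upgrading to a fixed Pillow release and does not replace it.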