mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-11-11 20:27:06 +03:00
13 lines
456 B
ReStructuredText
13 lines
456 B
ReStructuredText
8.1.2
|
|
-----
|
|
|
|
Security
|
|
========
|
|
|
|
There is an exhaustion of memory DOS in the BLP (:cve:`CVE-2021-27921`),
|
|
ICNS (:cve:`CVE-2021-27922`) and ICO (:cve:`CVE-2021-27923`) container formats
|
|
where Pillow did not properly check the reported size of the contained image.
|
|
These images could cause arbitrarily large memory allocations. This was reported
|
|
by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of
|
|
`Arizona State University <https://www.asu.edu/>`_.
|