Pillow/docs/releasenotes/6.2.2.rst
2020-01-03 21:33:10 +02:00

18 lines
631 B
ReStructuredText

6.2.2
-----
Security
========
This release addresses several security problems.
CVE-2019-19911 is regarding FPX images. If an image reports that it has a large number
of bands, a large amount of resources will be used when trying to process the
image. This is fixed by limiting the number of bands to those usable by Pillow.
Buffer overruns were found when processing an SGI (CVE-2020-5311), PCX (CVE-2020-5312)
or FLI image (CVE-2020-5313). Checks have been added to prevent this.
CVE-2020-5310: Overflow checks have been added when calculating the size of a memory
block to be reallocated in the processing of a TIFF image.