mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-12-27 02:16:19 +03:00
40 lines
1.2 KiB
ReStructuredText
40 lines
1.2 KiB
ReStructuredText
8.1.1
|
|
-----
|
|
|
|
Security
|
|
========
|
|
|
|
:cve:`2021-25289`: Correct the fix for :cve:`2020-35654`
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
The previous fix for :cve:`2020-35654` was insufficient due to incorrect
|
|
error checking in ``TiffDecode.c``.
|
|
|
|
:cve:`2021-25290`: Fix buffer overflow in ``TiffDecode.c``
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
In ``TiffDecode.c``, there is a negative-offset ``memcpy`` with an invalid size.
|
|
|
|
:cve:`2021-25291`: Fix buffer overflow in ``TIFFReadRGBATile``
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
In ``TiffDecode.c``, invalid tile boundaries could lead to an out-of-bounds
|
|
read in ``TIFFReadRGBATile``.
|
|
|
|
:cve:`2021-25292`: Fix DOS attack
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
The PDF parser has a catastrophic backtracking regex that could be used as a
|
|
DOS attack.
|
|
|
|
:cve:`2021-25293`: Fix buffer overflow in ``SgiRleDecode.c``
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
There is an out-of-bounds read in ``SgiRleDecode.c`` since Pillow 4.3.0.
|
|
|
|
Other Changes
|
|
=============
|
|
|
|
A crash with the feature flags for libimagequant, libjpeg-turbo, WebP and XCB on
|
|
unreleased Python 3.10 has been fixed (:issue:`5193`).
|