mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-09-21 11:28:58 +03:00
49 lines
1.6 KiB
ReStructuredText
49 lines
1.6 KiB
ReStructuredText
6.2.2
|
|
-----
|
|
|
|
Security
|
|
========
|
|
|
|
This release fixes several buffer overruns and DOS attacks reported in CVE-2019-19911, CVE-2020-5310, CVE-2020-5311, CVE-2020-5312 and CVE-2020-5313.
|
|
|
|
Fix CVE-2019-19911
|
|
^^^^^^^^^^^^^^^^^^
|
|
|
|
.. note:: More information about this vulnerability included in database record :cve:`2019-19911`
|
|
|
|
DOS attack vulnerability
|
|
++++++++++++++++++++++++
|
|
|
|
If an FPX image reports that it has a large number of bands, a large amount of
|
|
resources will be used when trying to process the image. This is fixed by
|
|
limiting the number of bands to those usable by Pillow.
|
|
|
|
Fix CVE-2020-5310
|
|
^^^^^^^^^^^^^^^^^
|
|
|
|
.. note:: More information about this vulnerability included in database record :cve:`2020-5310`
|
|
|
|
Overflow checks have been added when calculating the size of a memory block to be reallocated
|
|
in the processing of a TIFF image.
|
|
|
|
Fix CVE-2020-5311
|
|
^^^^^^^^^^^^^^^^^
|
|
|
|
.. note:: More information about this vulnerability included in database record :cve:`2020-5311`
|
|
|
|
Buffer overruns were found when processing an SGI image. Checks have been added to prevent this.
|
|
|
|
Fix CVE-2020-5312
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
.. note:: More information about this vulnerability included in database record :cve:`2020-5312`
|
|
|
|
Buffer overruns were found when processing an SGI PCX. Checks have been added to prevent this.
|
|
|
|
Fix CVE-2020-5313
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
.. note:: More information about this vulnerability included in database record :cve:`2020-5313`
|
|
|
|
Buffer overruns were found when processing an FLI image. Checks have been added to prevent this.
|