Pillow/docs/releasenotes/8.1.1.rst
2024-03-15 10:01:42 -04:00

8.1.1
-----

Security
========

Fix CVE-2021-25289
^^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability is included in database record :cve:`2021-25289`.

The previous fix for :cve:`2020-35654` was insufficient due to incorrect error checking in ``TiffDecode.c``.

Fix CVE-2021-25290
^^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability is included in database record :cve:`2021-25290`.

In ``TiffDecode.c``, there is a negative-offset ``memcpy`` with an invalid size.

Fix CVE-2021-25291
^^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability is included in database record :cve:`2021-25291`.

In ``TiffDecode.c``, invalid tile boundaries could lead to an out-of-bounds read in ``TIFFReadRGBATile``.

Fix CVE-2021-25292
^^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability is included in database record :cve:`2021-25292`.

The PDF parser has a catastrophic backtracking regex that could be used in a denial-of-service (DoS) attack.

Fix CVE-2021-25293
^^^^^^^^^^^^^^^^^^

.. note:: More information about this vulnerability is included in database record :cve:`2021-25293`.

There is an out-of-bounds read in ``SgiRleDecode.c`` since Pillow 4.3.0.

Other Changes
=============

A crash with the feature flags for libimagequant, libjpeg-turbo, WebP and XCB on
unreleased Python 3.10 has been fixed (:issue:`5193`).