mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-09-21 11:28:58 +03:00
c69dcc1c29
- Include CVE link in title (via @hugovk) - Retro-add release notes for 2.3.2, 2.5.2 for CVE-2014-3589
36 lines
1.3 KiB
ReStructuredText
36 lines
1.3 KiB
ReStructuredText
6.2.2
|
|
-----
|
|
|
|
Security
|
|
========
|
|
|
|
This release fixes several buffer overruns and DOS attacks.
|
|
|
|
:cve:`2019-19911`: DOS attack vulnerability
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
If an FPX image reports that it has a large number of bands, a large amount of
|
|
resources will be used when trying to process the image. This is fixed by
|
|
limiting the number of bands to those usable by Pillow.
|
|
|
|
:cve:`2020-5310`: Overflow checks added to TIFF image processing
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
Overflow checks have been added when calculating the size of a memory block to be reallocated
|
|
in the processing of a TIFF image.
|
|
|
|
:cve:`2020-5311`: Overflow checks added to SGI image processing
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
Buffer overruns were found when processing an SGI image. Checks have been added to prevent this.
|
|
|
|
:cve:`2020-5312`: Overflow checks added to PCX image processing
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
Buffer overruns were found when processing a PCX image. Checks have been added to prevent this.
|
|
|
|
:cve:`2020-5313`: Overflow checks added to FLI image processing
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
Buffer overruns were found when processing an FLI image. Checks have been added to prevent this.
|