mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-11-11 04:07:21 +03:00
36 lines
1.1 KiB
ReStructuredText
36 lines
1.1 KiB
ReStructuredText
8.1.1
|
|
-----
|
|
|
|
|
|
Security
|
|
========
|
|
|
|
:cve:`CVE-2021-25289`: The previous fix for :cve:`CVE-2020-35654` was insufficient
|
|
due to incorrect error checking in ``TiffDecode.c``.
|
|
|
|
:cve:`CVE-2021-25290`: In ``TiffDecode.c``, there is a negative-offset ``memcpy``
|
|
with an invalid size.
|
|
|
|
:cve:`CVE-2021-25291`: In ``TiffDecode.c``, invalid tile boundaries could lead to
|
|
an out-of-bounds read in ``TIFFReadRGBATile``.
|
|
|
|
:cve:`CVE-2021-25292`: The PDF parser has a catastrophic backtracking regex
|
|
that could be used as a DOS attack.
|
|
|
|
:cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``,
|
|
since Pillow 4.3.0.
|
|
|
|
There is an exhaustion of memory DOS in the ICNS, ICO, and BLP
|
|
container formats where Pillow did not properly check the reported
|
|
size of the contained image. These images could cause arbitrarily
|
|
large memory allocations. This was reported by Jiayi Lin, Luke
|
|
Shaffer, Xinran Xie, and Akshay Ajayan of
|
|
`Arizona State University <https://www.asu.edu/>`_.
|
|
|
|
|
|
Other Changes
|
|
=============
|
|
|
|
A crash with the feature flags for libjpeg and WebP on unreleased Python 3.10 has been
|
|
fixed (:issue:`5193`).
|