mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-12-26 18:06:18 +03:00
34 lines
1.1 KiB
ReStructuredText
34 lines
1.1 KiB
ReStructuredText
8.1.2
|
|
-----
|
|
|
|
Security
|
|
========
|
|
|
|
Fix CVE-2021-27921
|
|
^^^^^^^^^^^^^^^^^^
|
|
|
|
.. note:: More information about this vulnerability included in database record :cve:`2021-27921`
|
|
|
|
There is an exhaustion of memory DOS in BLP images. where Pillow did not properly check the
|
|
reported size of the contained image. These images could cause arbitrarily large memory
|
|
allocations.
|
|
|
|
Fix CVE-2021-27922
|
|
^^^^^^^^^^^^^^^^^^
|
|
|
|
.. note:: More information about this vulnerability included in database record :cve:`2021-27921`
|
|
|
|
There is an exhaustion of memory DOS in ICNS images where Pillow did not properly check the
|
|
reported size of the contained image. These images could cause arbitrarily large memory allocations.
|
|
|
|
Fix CVE-2021-27923
|
|
^^^^^^^^^^^^^^^^^^
|
|
|
|
.. note:: More information about this vulnerability included in database record :cve:`2021-27923`
|
|
|
|
There is an exhaustion of memory DOS in ICO images where Pillow did not properly check the reported
|
|
size of the contained image. These images could cause arbitrarily large memory allocations.
|
|
|
|
These were reported by Jiayi Lin, Luke Shaffer, Xinran Xie and
|
|
Akshay Ajayan of `Arizona State University <https://www.asu.edu/>`_.
|