Pillow/docs/releasenotes/12.1.1.rst
Andrew Murray 9000313cc5 Fix OOB Write with invalid tile extents (#9427)
Co-authored-by: Eric Soroos <eric-github@soroos.net>
2026-02-11 10:49:33 +11:00


12.1.1
------

Security
========

:cve:`2021-25289`: Fix OOB write with invalid tile extents
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Check that tile extents do not use negative x or y offsets when decoding or encoding,
and raise an error if they do, rather than allowing an OOB write.

An out-of-bounds write may be triggered when opening a specially crafted PSD image.
This only affects Pillow >= 10.3.0. Reported by
`Yarden Porat <https://github.com/yardenporat353>`__.
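
The check described above, shown on a simplified model as an added example (this is not Pillow's own code). The flat one-byte-per-pixel buffer and the names ``check_tile_extents``, ``first_write_index`` and ``write_tile`` are assumptions made for the illustration; rejecting empty boxes is part of the model, not something the release note states.

```python
# Simplified model of tile placement in a flat image buffer (illustration only).

def check_tile_extents(extents, image_size):
    """Validate a tile box (x0, y0, x1, y1) against the image size.

    Raises ValueError instead of letting the writer compute a bad index.
    """
    x0, y0, x1, y1 = extents
    width, height = image_size
    if x0 < 0 or y0 < 0:
        raise ValueError("tile cannot use negative x or y offsets")
    if x1 <= x0 or y1 <= y0:
        raise ValueError("tile has empty or inverted extents")
    if x1 > width or y1 > height:
        raise ValueError("tile cannot extend outside image")


def first_write_index(extents, image_size):
    """Flat index an unchecked writer would use for the tile's first pixel."""
    x0, y0, _, _ = extents
    width, _ = image_size
    return y0 * width + x0


def write_tile(buffer, image_size, extents, rows):
    """Copy decoded rows into the buffer, validating the extents first."""
    check_tile_extents(extents, image_size)
    x0, y0, x1, y1 = extents
    width, _ = image_size
    tile_width = x1 - x0
    for i, row in enumerate(rows[: y1 - y0]):
        if len(row) != tile_width:
            raise ValueError("row length does not match tile width")
        start = (y0 + i) * width + x0
        buffer[start:start + tile_width] = row


if __name__ == "__main__":
    size = (4, 4)                      # constructed 4x4 image
    buf = bytearray(size[0] * size[1])
    write_tile(buf, size, (1, 1, 3, 3), [b"\x01\x02", b"\x03\x04"])
    print(buf.hex())
    # A negative y offset maps to an index before the start of the buffer.
    print(first_write_index((0, -1, 4, 1), size))
```

In a language without bounds-checked buffers, the negative index from ``first_write_index`` is an address before the allocation, which is why the extents have to be rejected before any row is copied.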

Other changes
=============

Patch libavif for svt-av1 4.0 compatibility
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

A patch has been added to ``depends/install_libavif.sh``, to allow libavif 1.3.0 to be
compatible with the recently released svt-av1 4.0.0.