Skip to content

Commit

Permalink
Fix based on 29a361d
Browse files Browse the repository at this point in the history
  • Loading branch information
aclark4life committed Mar 13, 2024
1 parent e0e8f10 commit 0b2c90d
Show file tree
Hide file tree
Showing 12 changed files with 17 additions and 17 deletions.
2 changes: 1 addition & 1 deletion docs/releasenotes/10.2.0.rst
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ Fix CVE-2023-50447
.. note:: More information about this vulnerability included in database record :cve:`2023-50447`

ImageMath.eval: Restricted environment keys
+++++++++++++++++++++++++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If an attacker has control over the keys passed to the
``environment`` argument of :py:meth:`PIL.ImageMath.eval`, they may be able to execute
Expand Down
6 changes: 3 additions & 3 deletions docs/releasenotes/3.1.1.rst
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ Fix CVE-2016-0740
.. note:: More information about this vulnerability included in database record :cve:`2016-0740`

Buffer overflow in TiffDecode.c
+++++++++++++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pillow 3.1.0 and earlier when linked against
libtiff >= 4.0.0 on x64 may overflow a buffer when reading a
Expand All @@ -33,7 +33,7 @@ Fix CVE-2016-0775
.. note:: More information about this vulnerability included in database record :cve:`2016-0775`

Buffer overflow in FliDecode.c
++++++++++++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In all versions of Pillow, dating back at least to
the last PIL 1.1.7 release, FliDecode.c has a buffer overflow error.
Expand Down Expand Up @@ -67,7 +67,7 @@ Fix CVE-2016-2533
.. note:: More information about this vulnerability available in :cve:`2016-2533`

Buffer overflow in PcdDecode.c
++++++++++++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In all versions of Pillow, dating back at least to the
last PIL 1.1.7 release, ``PcdDecode.c`` has a buffer overflow error.
Expand Down
2 changes: 1 addition & 1 deletion docs/releasenotes/3.1.2.rst
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ Fix CVE-2016-3076
.. note:: More information about this vulnerability included in database record :cve:`2016-3076`

Buffer overflow in Jpeg2KEncode.c
+++++++++++++++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pillow between 2.5.0 and 3.1.1 may overflow a buffer
when writing large Jpeg2000 files, allowing for code execution or other
Expand Down
2 changes: 1 addition & 1 deletion docs/releasenotes/6.2.2.rst
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ Fix CVE-2019-19911
.. note:: More information about this vulnerability included in database record :cve:`2019-19911`

DOS attack vulnerability
++++++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~~~~~

If an FPX image reports that it has a large number of bands, a large amount of
resources will be used when trying to process the image. This is fixed by
Expand Down
2 changes: 1 addition & 1 deletion docs/releasenotes/8.0.1.rst
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ Fix CVE-2020-15999
.. note:: More information about this vulnerability included in database record :cve:`2020-15999`

Update FreeType in wheels to `2.10.4`_
++++++++++++++++++++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* A heap buffer overflow has been found in the handling of embedded PNG bitmaps,
introduced in FreeType version 2.6.
Expand Down
6 changes: 3 additions & 3 deletions docs/releasenotes/8.1.0.rst
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ Fix CVE-2020-35653
.. note:: More information about this vulnerability included in database record :cve:`2020-35653`

Buffer read overrun in PCX decoding
+++++++++++++++++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The PCX image decoder used the reported image stride to calculate
the row buffer, rather than calculating it from the image size. This issue dates back
Expand All @@ -27,7 +27,7 @@ Fix CVE-2020-35654
.. note:: More information about this vulnerability included in database record :cve:`2020-35654`

TIFF out-of-bounds write error
++++++++++++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Out-of-bounds write in ``TiffDecode.c`` when reading corrupt YCbCr
files in some LibTIFF versions (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04).
Expand All @@ -42,7 +42,7 @@ Fix CVE-2020-35655
.. note:: More information about this vulnerability included in database record :cve:`2020-35655`

SGI Decode buffer overrun
+++++++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~~~~~~

4 byte read overflow in ``SgiRleDecode.c``, where the code was not correctly
checking the offsets and length tables. Independently reported through `Tidelift`_ and Google's
Expand Down
2 changes: 1 addition & 1 deletion docs/releasenotes/8.2.0.rst
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ Fix CVE-2021-25287, CVE-2021-25288, CVE-2021-28675
:cve:`2021-25287`, :cve:`2021-25288`, :cve:`2021-28675`

OOB read in Jpeg2KDecode
++++++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~~~~~

* For J2k images with multiple bands, it's legal to have different widths for each band,
e.g. 1 byte for ``L``, 4 bytes for ``A``.
Expand Down
2 changes: 1 addition & 1 deletion docs/releasenotes/8.3.0.rst
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ Fix CVE-2021-34552
.. note:: More information about this vulnerability included in database record :cve:`2021-34552`

Buffer overflow
+++++++++++++++
~~~~~~~~~~~~~~~

PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert function to trigger
buffer overflow in Convert.c.
Expand Down
2 changes: 1 addition & 1 deletion docs/releasenotes/8.3.2.rst
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ Fix CVE-2021-23437
.. note:: More information about this vulnerability included in database record :cve:`2021-23437`

Avoid potential ReDoS (regular expression denial of service)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Avoid a potential ReDoS (regular expression denial of service) in :py:class:`~PIL.ImageColor`'s
:py:meth:`~PIL.ImageColor.getrgb` by raising :py:exc:`ValueError` if the color specifier is
Expand Down
2 changes: 1 addition & 1 deletion docs/releasenotes/9.0.0.rst
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ Fix CVE-2022-22817
.. note:: More information about this vulnerability included in database record :cve:`2022-22817`

Restrict builtins available to ImageMath.eval
+++++++++++++++++++++++++++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To limit :py:class:`PIL.ImageMath` to working with images, Pillow
will now restrict the builtins available to :py:meth:`PIL.ImageMath.eval`. This will
Expand Down
4 changes: 2 additions & 2 deletions docs/releasenotes/9.0.1.rst
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ Fix CVE-2022-24303
.. note:: More information about this vulnerability included in database record :cve:`2022-24303`

Temp image removal
++++++++++++++++++
~~~~~~~~~~~~~~~~~~

If the path to the temporary directory on Linux or macOS
contained a space, this would break removal of the temporary image file after
Expand All @@ -25,7 +25,7 @@ Fix CVE-2022-24303
.. note:: More information about this vulnerability included in database record :cve:`2022-22817`

Restrict lambda expressions
+++++++++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~~~~~~~~

While Pillow 9.0 restricted top-level builtins available to
:py:meth:`PIL.ImageMath.eval`, it did not prevent builtins available to lambda
Expand Down
2 changes: 1 addition & 1 deletion docs/releasenotes/9.1.1.rst
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ Fix CVE-2022-30595
.. note:: More information about this vulnerability included in database record :cve:`2022-30595`

Heap buffer overflow
++++++++++++++++++++
~~~~~~~~~~~~~~~~~~~~

When reading a TGA file with RLE packets that cross scan lines,
Pillow reads the information past the end of the first line without deducting that
Expand Down

0 comments on commit 0b2c90d

Please sign in to comment.