Skip to content

Commit

Permalink
Clean up for #7864
Browse files Browse the repository at this point in the history
  • Loading branch information
aclark4life committed Mar 13, 2024
1 parent 669ba7f commit ba9aa0e
Show file tree
Hide file tree
Showing 14 changed files with 40 additions and 19 deletions.
3 changes: 2 additions & 1 deletion docs/releasenotes/10.0.0.rst
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,8 @@ Fix CVE-2023-44271

.. note:: More information about this vulnerability included in database record :cve:`2023-44271`

Added ImageFont.MAX_STRING_LENGTH.
Added ImageFont.MAX_STRING_LENGTH
+++++++++++++++++++++++++++++++++

To protect against potential DOS attacks when using arbitrary strings as text
input, Pillow will now raise a :py:exc:`ValueError` if the number of characters
Expand Down
3 changes: 2 additions & 1 deletion docs/releasenotes/10.2.0.rst
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,8 @@ Fix CVE-2023-50447

.. note:: More information about this vulnerability included in database record :cve:`2023-50447`

ImageMath.eval: Restricted environment keys.
ImageMath.eval: Restricted environment keys
+++++++++++++++++++++++++++++++++++++++++++

If an attacker has control over the keys passed to the
``environment`` argument of :py:meth:`PIL.ImageMath.eval`, they may be able to execute
Expand Down
9 changes: 6 additions & 3 deletions docs/releasenotes/3.1.1.rst
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,8 @@ Fix CVE-2016-0740

.. note:: More information about this vulnerability included in database record :cve:`2016-0740`

Buffer overflow in TiffDecode.c.
Buffer overflow in TiffDecode.c
+++++++++++++++++++++++++++++++

Pillow 3.1.0 and earlier when linked against
libtiff >= 4.0.0 on x64 may overflow a buffer when reading a
Expand All @@ -31,7 +32,8 @@ Fix CVE-2016-0775

.. note:: More information about this vulnerability included in database record :cve:`2016-0775`

Buffer overflow in FliDecode.c.
Buffer overflow in FliDecode.c
++++++++++++++++++++++++++++++

In all versions of Pillow, dating back at least to
the last PIL 1.1.7 release, FliDecode.c has a buffer overflow error.
Expand Down Expand Up @@ -64,7 +66,8 @@ Fix CVE-2016-2533

.. note:: More information about this vulnerability available in :cve:`2016-2533`

Buffer overflow in PcdDecode.c.
Buffer overflow in PcdDecode.c
++++++++++++++++++++++++++++++

In all versions of Pillow, dating back at least to the
last PIL 1.1.7 release, ``PcdDecode.c`` has a buffer overflow error.
Expand Down
3 changes: 2 additions & 1 deletion docs/releasenotes/3.1.2.rst
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,8 @@ Fix CVE-2016-3076

.. note:: More information about this vulnerability included in database record :cve:`2016-3076`

Buffer overflow in Jpeg2KEncode.c.
Buffer overflow in Jpeg2KEncode.c
+++++++++++++++++++++++++++++++++

Pillow between 2.5.0 and 3.1.1 may overflow a buffer
when writing large Jpeg2000 files, allowing for code execution or other
Expand Down
3 changes: 2 additions & 1 deletion docs/releasenotes/6.2.2.rst
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,8 @@ Fix CVE-2019-19911

.. note:: More information about this vulnerability included in database record :cve:`2019-19911`

DOS attack vulnerability.
DOS attack vulnerability
++++++++++++++++++++++++

If an FPX image reports that it has a large number of bands, a large amount of
resources will be used when trying to process the image. This is fixed by
Expand Down
9 changes: 5 additions & 4 deletions docs/releasenotes/8.0.1.rst
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,13 @@ Fix CVE-2020-15999

.. note:: More information about this vulnerability included in database record :cve:`2020-15999`

Update FreeType in wheels to `2.10.4`_.
Update FreeType in wheels to `2.10.4`_
++++++++++++++++++++++++++++++++++++++

- A heap buffer overflow has been found in the handling of embedded PNG bitmaps,
introduced in FreeType version 2.6.
* A heap buffer overflow has been found in the handling of embedded PNG bitmaps,
introduced in FreeType version 2.6.

If you use option ``FT_CONFIG_OPTION_USE_PNG`` you should upgrade immediately.
* If you use option ``FT_CONFIG_OPTION_USE_PNG`` you should upgrade immediately.

We strongly recommend updating to Pillow 8.0.1 if you are using Pillow 8.0.0, which improved support for bitmap fonts.

Expand Down
9 changes: 6 additions & 3 deletions docs/releasenotes/8.1.0.rst
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,8 @@ Fix CVE-2020-35653

.. note:: More information about this vulnerability included in database record :cve:`2020-35653`

Buffer read overrun in PCX decoding.
Buffer read overrun in PCX decoding
+++++++++++++++++++++++++++++++++++

The PCX image decoder used the reported image stride to calculate
the row buffer, rather than calculating it from the image size. This issue dates back
Expand All @@ -25,7 +26,8 @@ Fix CVE-2020-35654

.. note:: More information about this vulnerability included in database record :cve:`2020-35654`

TIFF out-of-bounds write error.
TIFF out-of-bounds write error
++++++++++++++++++++++++++++++

Out-of-bounds write in ``TiffDecode.c`` when reading corrupt YCbCr
files in some LibTIFF versions (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04).
Expand All @@ -39,7 +41,8 @@ Fix CVE-2020-35655

.. note:: More information about this vulnerability included in database record :cve:`2020-35655`

SGI Decode buffer overrun.
SGI Decode buffer overrun
+++++++++++++++++++++++++

4 byte read overflow in ``SgiRleDecode.c``, where the code was not correctly
checking the offsets and length tables. Independently reported through `Tidelift`_ and Google's
Expand Down
1 change: 1 addition & 0 deletions docs/releasenotes/8.2.0.rst
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ Fix CVE-2021-25287, CVE-2021-25288, CVE-2021-28675
:cve:`2021-25287`, :cve:`2021-25288`, :cve:`2021-28675`

OOB read in Jpeg2KDecode
++++++++++++++++++++++++

* For J2k images with multiple bands, it's legal to have different widths for each band,
e.g. 1 byte for ``L``, 4 bytes for ``A``.
Expand Down
1 change: 1 addition & 0 deletions docs/releasenotes/8.3.0.rst
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ Fix CVE-2021-34552
.. note:: More information about this vulnerability included in database record :cve:`2021-34552`

Buffer overflow
+++++++++++++++

PIL since 1.1.4 and Pillow since 1.0 allowed parameters passed into a convert function to trigger
buffer overflow in Convert.c.
Expand Down
1 change: 1 addition & 0 deletions docs/releasenotes/8.3.2.rst
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ Fix CVE-2021-23437
.. note:: More information about this vulnerability included in database record :cve:`2021-23437`

Avoid potential ReDoS (regular expression denial of service)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Avoid a potential ReDoS (regular expression denial of service) in :py:class:`~PIL.ImageColor`'s
:py:meth:`~PIL.ImageColor.getrgb` by raising :py:exc:`ValueError` if the color specifier is
Expand Down
3 changes: 2 additions & 1 deletion docs/releasenotes/9.0.0.rst
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,8 @@ Fix CVE-2022-22817

.. note:: More information about this vulnerability included in database record :cve:`2022-22817`

Restrict builtins available to ImageMath.eval.
Restrict builtins available to ImageMath.eval
+++++++++++++++++++++++++++++++++++++++++++++

To limit :py:class:`PIL.ImageMath` to working with images, Pillow
will now restrict the builtins available to :py:meth:`PIL.ImageMath.eval`. This will
Expand Down
8 changes: 5 additions & 3 deletions docs/releasenotes/9.0.1.rst
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,8 @@ Fix CVE-2022-24303

.. note:: More information about this vulnerability included in database record :cve:`2022-24303`

Temp image removal.
Temp image removal
++++++++++++++++++

If the path to the temporary directory on Linux or macOS
contained a space, this would break removal of the temporary image file after
Expand All @@ -21,10 +22,11 @@ has been present since PIL.
Fix CVE-2022-24303
^^^^^^^^^^^^^^^^^^

Restrict lambda expressions

.. note:: More information about this vulnerability included in database record :cve:`2022-22817`

Restrict lambda expressions
+++++++++++++++++++++++++++

While Pillow 9.0 restricted top-level builtins available to
:py:meth:`PIL.ImageMath.eval`, it did not prevent builtins available to lambda
expressions. These are now also restricted.
Expand Down
3 changes: 2 additions & 1 deletion docs/releasenotes/9.1.1.rst
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,8 @@ Fix CVE-2022-30595

.. note:: More information about this vulnerability included in database record :cve:`2022-30595`

Heap buffer overflow.
Heap buffer overflow
++++++++++++++++++++

When reading a TGA file with RLE packets that cross scan lines,
Pillow reads the information past the end of the first line without deducting that
Expand Down
3 changes: 3 additions & 0 deletions docs/releasenotes/template.rst
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@ Fix CVE-YYYY-XXXXX

.. note:: More information about this vulnerability included in database record :cve:`YYYY-XXXXX`

TODO
++++

TODO

Backwards Incompatible Changes
Expand Down

0 comments on commit ba9aa0e

Please sign in to comment.