Package: pillow / 8.1.2+dfsg-0.3

Metadata

Package Version Patches format
pillow 8.1.2+dfsg-0.3 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
toplevel setup.py | (download)

setup.py | 77 56 + 21 - 0 !
1 file changed, 56 insertions(+), 21 deletions(-)

---
generate webp file | (download)

Tests/test_file_webp.py | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

---
js script file.diff | (download)

docs/_static/js/script.js | 60 60 + 0 - 0 !
1 file changed, 60 insertions(+)

---
no sphinx removed in.diff | (download)

docs/conf.py | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

---
CVE 2021 25287_CVE 2021 25288.patch | (download)

src/libImaging/Jpeg2KDecode.c | 35 26 + 9 - 0 !
1 file changed, 26 insertions(+), 9 deletions(-)

 [patch] fix oob read in jpeg2kdecode cve-2021-25287,cve-2021-25288

CVE 2021 28675.patch | (download)

src/PIL/ImageFile.py | 14 12 + 2 - 0 !
src/PIL/PsdImagePlugin.py | 32 21 + 11 - 0 !
2 files changed, 33 insertions(+), 13 deletions(-)

 [patch] fix dos in psdimageplugin -- cve-2021-28675

* PSDImagePlugin did not sanity check the number of input layers and
  vs the size of the data block, this could lead to a DOS on
  Image.open prior to Image.load.
* This issue dates to the PIL fork


CVE 2021 28676.patch | (download)

src/libImaging/FliDecode.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 [patch] fix fli dos -- cve-2021-28676

* FliDecode did not properly check that the block advance was
  non-zero, potentally leading to an infinite loop on load.
* This dates to the PIL Fork
* Found with oss-fuzz


CVE 2021 28677.patch | (download)

src/PIL/EpsImagePlugin.py | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 [patch] fix eps dos on _open -- cve-2021-28677

* The readline used in EPS has to deal with any combination of \r and
  \n as line endings. It used an accidentally quadratic method of
  accumulating lines while looking for a line ending.
* A malicious EPS file could use this to perform a DOS of Pillow in
  the open phase, before an image was accepted for opening.
* This dates to the PIL Fork

CVE 2021 28678.patch | (download)

src/PIL/BlpImagePlugin.py | 43 23 + 20 - 0 !
1 file changed, 23 insertions(+), 20 deletions(-)

 [patch] fix blp dos -- cve-2021-28678

* BlpImagePlugin did not properly check that reads after jumping to
  file offsets returned data. This could lead to a DOS where the
  decoder could be run a large number of times on empty data
* This dates to Pillow 5.1.0

CVE 2021 34552.patch | (download)

src/libImaging/Convert.c | 10 4 + 6 - 0 !
1 file changed, 4 insertions(+), 6 deletions(-)

 [patch 2/2] use snprintf instead of sprintf

* https://github.com/python-pillow/Pillow/pull/5567/files
* Replace sprintf with snprintf in src/libImaging/Convert.c