Package: pillow / 8.1.2+dfsg-0.3

CVE-2021-28676.patch
From bb6c11fb889e6c11b0ee122b828132ee763b5856 Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Thu, 11 Mar 2021 22:12:35 +0100
Subject: [PATCH] Fix FLI DOS -- CVE-2021-28676

* FliDecode did not properly check that the block advance was
  non-zero, potentially leading to an infinite loop on load.
* This dates to the PIL Fork
* Found with oss-fuzz

--- pillow-8.1.2+dfsg.orig/src/libImaging/FliDecode.c
+++ pillow-8.1.2+dfsg/src/libImaging/FliDecode.c
@@ -242,6 +242,11 @@ ImagingFliDecode(Imaging im, ImagingCode
                 return -1;
         }
         advance = I32(ptr);
+        if (advance == 0 ) {
+            // If there's no advance, we're in in infinite loop
+            state->errcode = IMAGING_CODEC_BROKEN;
+            return -1;
+        }
         if (advance < 0 || advance > bytes) {
             state->errcode = IMAGING_CODEC_OVERRUN;
             return -1;
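
Review bot: the new `advance == 0` test sits directly above the existing `advance < 0 || advance > bytes` range check, so the two could be one guard. If the separate IMAGING_CODEC_BROKEN error code for the zero case is intentional, keep the branches split and say so in the comment, since the following branch reports IMAGING_CODEC_OVERRUN for the other invalid values. The added lines also carry two small style problems: the stray space in `if (advance == 0 ) {` and the doubled word in "we're in in infinite loop". The patch as shown touches only FliDecode.c; since the commit message says the issue was found with oss-fuzz, a regression test that loads a file with a zero block advance and expects a decode error would keep this loop condition from returning.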