Added more CVE numbers [ci skip]
radarhere committed Mar 5, 2021
1 parent a10d2c9 commit 8fb5e50
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions docs/releasenotes/8.1.1.rst
Expand Up @@ -20,11 +20,11 @@ that could be used as a DOS attack.
:cve:`CVE-2021-25293`: There is an out-of-bounds read in ``SgiRleDecode.c``,
since Pillow 4.3.0.

There is an exhaustion of memory DOS in the ICNS, ICO, and BLP
container formats where Pillow did not properly check the reported
size of the contained image. These images could cause arbitrarily
large memory allocations. This was reported by Jiayi Lin, Luke
Shaffer, Xinran Xie, and Akshay Ajayan of
There is an exhaustion of memory DOS in the BLP (:cve:`CVE-2021-27921`),
ICNS (:cve:`CVE-2021-27922`) and ICO (:cve:`CVE-2021-27923`) container formats
where Pillow did not properly check the reported size of the contained image.
These images could cause arbitrarily large memory allocations. This was reported
by Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan of
`Arizona State University <https://www.asu.edu/>`_.


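Review bot: The rewritten BLP/ICNS/ICO paragraph gives no affected-version range, unlike the CVE-2021-25293 entry just above it, which ends with "since Pillow 4.3.0". Someone triaging CVE-2021-27921, CVE-2021-27922 or CVE-2021-27923 against a pinned Pillow version cannot tell from this text which releases are exposed, so consider adding a "since Pillow ..." clause for each format if the ranges are known. The paragraph also places the three :cve: roles in parentheses mid-sentence, while the preceding entry leads with the role followed by a colon; splitting this into three entries that each start with their role would match that style and make the ids easier to scan, with the Arizona State University credit kept as a shared closing sentence.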