CVE-2021-25289: The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in TiffDecode.c.

CVE-2021-25290: In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

CVE-2021-25291: In TiffDecode.c, invalid tile boundaries could lead to an out-of-bounds read in TIFFReadRGBATile.

CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.

CVE-2021-25293: There is an out-of-bounds read in SgiRleDecode.c, since Pillow 4.3.0.

Other Changes

A crash with the feature flags for libimagequant, libjpeg-turbo, WebP and XCB on unreleased Python 3.10 has been fixed (#5193).