8.1.1 (2021-03-01)
Security
CVE-2021-25289: Correct the fix for CVE-2020-35654
The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in TiffDecode.c.
CVE-2021-25290: Fix buffer overflow in TiffDecode.c
In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
CVE-2021-25291: Fix buffer overflow in TIFFReadRGBATile
In TiffDecode.c, invalid tile boundaries could lead to an out-of-bounds read in TIFFReadRGBATile.
CVE-2021-25292: Fix DoS attack
The PDF parser contained a regular expression subject to catastrophic backtracking, which could be used for a denial-of-service (DoS) attack.
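As an added example (this is not Pillow's PDF parser code, and the pattern below is not the expression the advisory refers to), the following Python shows the failure mode behind CVE-2021-25292 on a constructed pattern: a nested-quantifier regex whose rejection time grows exponentially with a hostile input, next to a pattern for the same language that rejects in a single pass. The patterns, the digit-list grammar and the `hostile_input` helper are assumptions chosen for illustration.

```python
"""Catastrophic regex backtracking, shown on a constructed pattern.

Added example: not Pillow's code and not the expression the advisory
refers to. The patterns and inputs are assumptions chosen to show the
failure mode and a fix.
"""
import re
import time

# Hypothetical vulnerable shape: a quantified group containing a quantified
# token. Because \s* can match empty, \d+ can split a run of n digits in
# 2**(n-1) ways, and on a non-matching input every split is tried before
# the engine gives up.
VULNERABLE = re.compile(rb"(\d+\s*)+")

# Same language (a digit followed by any mix of digits and whitespace), but
# each byte is consumed by exactly one quantifier, so rejection is linear.
SAFE = re.compile(rb"\d[\d\s]*")


def matches(pattern: re.Pattern, data: bytes) -> bool:
    """True if the whole input is in the pattern's language."""
    return pattern.fullmatch(data) is not None


def hostile_input(n: int) -> bytes:
    """Constructed DoS input: n digits, then a byte that forces a failed match."""
    return b"1" * n + b"X"


def match_seconds(pattern: re.Pattern, data: bytes) -> float:
    """Wall-clock time of one fullmatch attempt."""
    start = time.perf_counter()
    pattern.fullmatch(data)
    return time.perf_counter() - start


def growth_factor(pattern: re.Pattern, n: int, extra: int) -> float:
    """Slowdown when the hostile input grows by `extra` digits.

    Exponential backtracking gives roughly 2**extra; a linear pattern stays
    close to 1 (timing noise aside).
    """
    short = match_seconds(pattern, hostile_input(n))
    longer = match_seconds(pattern, hostile_input(n + extra))
    return longer / max(short, 1e-9)


if __name__ == "__main__":
    # Both patterns accept and reject the same inputs ...
    for sample in (b"1", b"12 34 5", b"1 2 ", b" 1", b"", b"1a", hostile_input(10)):
        assert matches(VULNERABLE, sample) == matches(SAFE, sample)
    # ... but only VULNERABLE takes exponential time to reject hostile input.
    print("vulnerable growth: x%.0f" % growth_factor(VULNERABLE, 16, 4))
    print("safe growth:       x%.2f" % growth_factor(SAFE, 16, 4))
    print("safe on 100k bytes: %.4fs" % match_seconds(SAFE, hostile_input(100_000)))
```

Rewriting the grammar so that no byte can be claimed by two quantifiers is the durable fix. Where that is not possible, Python 3.11's atomic groups `(?>...)` and possessive quantifiers stop the engine from re-splitting a run it has already consumed, and capping the length of untrusted input before matching bounds the worst case.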
CVE-2021-25293: Fix buffer overflow in SgiRleDecode.c
There has been an out-of-bounds read in SgiRleDecode.c since Pillow 4.3.0.
Other Changes
A crash with the feature flags for libimagequant, libjpeg-turbo, WebP and XCB on unreleased Python 3.10 has been fixed (#5193).