TiffDecode.c, there is a negative-offset
with an invalid size.
TiffDecode.c, invalid tile boundaries could lead to
an out-of-bounds read in
CVE-2021-25292: The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.
CVE-2021-25293: There is an out-of-bounds read in
since Pillow 4.3.0.