hugovk committed Oct 29, 2022
1 parent 799a6a0 commit 0846bfa
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions docs/releasenotes/9.3.0.rst
Expand Up @@ -49,6 +49,15 @@ decode the data in its natural CMYK mode, then convert it to RGB and rearrange
the channels afterwards. Trying to load the data in an incorrect mode could
result in a segmentation fault. This issue was introduced in Pillow 9.1.0.

Limit SAMPLESPERPIXEL to avoid runtime DOS
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

A large value in the ``SAMPLESPERPIXEL`` tag could lead to a memory and runtime DOS in
``TiffImagePlugin.py`` when setting up the context for image decoding.
This was introduced in Pillow 9.2.0, found with `OSS-Fuzz`_ and fixed by limiting
``SAMPLESPERPIXEL`` to the number of planes that we can decode.


Other Changes
=============

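Review bot: "DOS" in the new section heading and in its first sentence should be "DoS" (denial of service); in all caps it reads as the operating system. The section also says the fix works by "limiting ``SAMPLESPERPIXEL`` to the number of planes that we can decode" without stating that number or what a caller sees when a file exceeds it. A clause naming the limit and the resulting error would tell users who process untrusted TIFF files what to expect and what to catch. The hunk also leaves two blank lines before "Other Changes"; check that this matches the spacing before the file's other top-level headings.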
Expand Down Expand Up @@ -88,3 +97,5 @@ Show all frames with ImageShow

When calling :py:meth:`~PIL.Image.Image.show` or using
:py:mod:`~PIL.ImageShow`, all frames will now be shown.

.. _OSS-Fuzz: https://github.com/google/oss-fuzz
