* The readline used in EPS has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending.
* A malicious EPS file could use this to perform a DOS of Pillow in the open phase, before an image was accepted for opening.
* This dates to the PIL Fork
One each for:
The CVEs from https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security at MITRE (example) are still showing as reserved:
Do we or Tidelift need to do anything to publicise them?
I've submitted https://cveform.mitre.org/ accordingly.
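Added example, not part of this thread and not Pillow's code: a simplified model of the accidentally quadratic line accumulation described in the release note, next to a bounded reader that accepts the same \r, \n and \r\n endings. The function names, the byte-copy cost model and the `MAX_LINE` cap are assumptions made for this example.

```python
import io

MAX_LINE = 255  # assumed cap, chosen for this example only


def _end_of_line(fp, c):
    """Treat CR LF as one ending: after CR, swallow a following LF, else push the byte back."""
    if c == b"\r" and fp.read(1) not in (b"\n", b""):
        fp.seek(-1, io.SEEK_CUR)


def read_line_quadratic(fp):
    """Slow pattern: each byte rebuilds the accumulated line. Returns (line, bytes_copied)."""
    line, copied = b"", 0
    while True:
        c = fp.read(1)
        if not c or c in b"\r\n":
            _end_of_line(fp, c)
            return line, copied
        line = line + c        # new bytes object: copies everything read so far
        copied += len(line)    # cost model: 1 + 2 + ... + n for an n-byte line


def read_line_bounded(fp, max_line=MAX_LINE):
    """Amortised O(1) appends plus a hard cap. Returns (line, bytes_copied)."""
    buf = bytearray()
    while True:
        c = fp.read(1)
        if not c or c in b"\r\n":
            _end_of_line(fp, c)
            return bytes(buf), len(buf)
        if len(buf) >= max_line:
            raise ValueError("line longer than max_line, refusing to buffer more")
        buf += c


def split_lines(data, reader):
    """Run a reader over a whole byte string and collect the lines."""
    fp, lines = io.BytesIO(data), []
    while fp.tell() < len(data):
        lines.append(reader(fp)[0])
    return lines


if __name__ == "__main__":
    # Constructed sample mixing CR LF, lone CR, and LF endings.
    sample = b"%!PS-Adobe-3.0\r\n%%BoundingBox: 0 0 1 1\r%%EOF\n"
    print(split_lines(sample, read_line_bounded))
    for n in (1000, 2000):  # doubling the line length quadruples the copying
        print(n, read_line_quadratic(io.BytesIO(b"A" * n))[1])
```
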