Pillow (PIL Fork) 12.0.0 documentation

8.3.2 (2021-09-02)

Security

CVE 2021-23437: Avoid potential ReDoS (regular expression denial of service)

Avoid a potential ReDoS (regular expression denial of service) in ImageColor's getrgb() by raising ValueError if the color specifier is too long. Present since Pillow 5.2.0.
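The mitigation pattern described above, shown as an added example that is not Pillow's own code: a small color-specifier parser that rejects over-long input with ValueError before any regular expression is evaluated. The 100-character cap, the function names and the patterns are assumptions of this example; the release note does not state them.

```python
import re

# Assumed cap: the release note says only "too long"; 100 is this example's choice.
MAX_SPECIFIER_LEN = 100

# Hypothetical patterns for a few common forms (not Pillow's own regexes).
_HEX3 = re.compile(r"#([0-9a-f])([0-9a-f])([0-9a-f])")
_HEX6 = re.compile(r"#([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})")
_RGB = re.compile(r"rgb\(\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)\s*\)")
_RGB_PCT = re.compile(r"rgb\(\s*(\d+)%\s*,\s*(\d+)%\s*,\s*(\d+)%\s*\)")


def parse_color(spec):
    """Return an (r, g, b) tuple, or raise ValueError for bad or over-long input."""
    if not isinstance(spec, str):
        raise ValueError("color specifier must be a string")
    # Length gate first: matching cost grows with input length, so reject
    # over-long input before any pattern is evaluated.
    if len(spec) > MAX_SPECIFIER_LEN:
        raise ValueError("color specifier is too long")
    spec = spec.strip().lower()

    m = _HEX3.fullmatch(spec)
    if m:
        return tuple(int(c * 2, 16) for c in m.groups())
    m = _HEX6.fullmatch(spec)
    if m:
        return tuple(int(c, 16) for c in m.groups())
    m = _RGB.fullmatch(spec)
    if m:
        rgb = tuple(int(c) for c in m.groups())
        if max(rgb) > 255:
            raise ValueError("channel out of range: %r" % spec)
        return rgb
    m = _RGB_PCT.fullmatch(spec)
    if m:
        pct = [int(c) for c in m.groups()]
        if max(pct) > 100:
            raise ValueError("percentage out of range: %r" % spec)
        return tuple(int(p * 255 / 100 + 0.5) for p in pct)
    raise ValueError("unknown color specifier: %r" % spec)


def try_parse(spec):
    """Helper for callers handling untrusted input: None instead of an exception."""
    try:
        return parse_color(spec)
    except ValueError:
        return None
```

Callers that pass user-supplied color strings should expect ValueError for rejected input, as `try_parse` does here.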

Fix 6-byte out-of-bounds (OOB) read

Fix 6-byte out-of-bounds (OOB) read. The previous bounds check in FliDecode.c incorrectly calculated the required read buffer size when copying a chunk, potentially reading six extra bytes off the end of the allocated buffer from the heap. Present since Pillow 7.1.0.

This bug was found by Google's OSS-Fuzz CIFuzz runs.

Other changes

Python 3.10 wheels

Pillow now includes binary wheels for Python 3.10.

The Python 3.10 release candidate was released on 2021-08-03 with the final release due 2021-10-04 (PEP 619). The CPython core team strongly encourages maintainers of third-party Python projects to prepare for 3.10 compatibility. And as there are no ABI changes planned we are releasing wheels to help others prepare for 3.10, and ensure Pillow can be used immediately on release day of 3.10.0 final.

Fixed regressions

  • Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression (#5588).

  • Updates for ImagePalette channel order (#5599).

  • Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library (#5651).
