@@ -20,14 +20,6 @@ Makefile
2020
2121The 'install-venv' target has been deprecated.
2222
23- API Changes
24- ===========
25-
26- TODO
27- ^^^^
28-
29- TODO
30-
3123API Additions
3224=============
3325
@@ -44,8 +36,29 @@ already exists for the ICNS format.
4436Security
4537========
4638
47- An out-of-bounds read when saving TIFFs with custom metadata through libtiff has been
48- fixed, as well as when saving a GIF of 1px width.
39+ This release includes security fixes.
40+
41+ * An out-of-bounds read when saving TIFFs with custom metadata through libtiff
42+ * An out-of-bounds read when saving a GIF of 1px width
43+ * :cve: `CVE-2020-35653 ` Buffer Read Overrun in PCX Decoding.
44+
45+ The PCX Image decoder used the reported image stride to calculate the row buffer,
46+ rather than calculating it from the image size. This issue dates back to the PIL fork.
47+ Thanks to Google's OSS-Fuzz project for finding this.
48+
49+ * :cve: `CVE-2020-35654 ` Fix TIFF OOB Write error
50+
51+ OOB Write in TiffDecode.c when reading corrupt YCbCr files in some LibTiff versions
52+ (4.1.0/Ubuntu 20.04, but not 4.0.9/Ubuntu 18.04). In some cases libtiff's
53+ interpretation of the file is different when reading in RGBA mode, leading to an Out of
54+ bounds write in TiffDecode.c. This potentially affects Pillow versions from 6.0.0 to
55+ 8.0.1, depending on the version of LibTiff. This was reported through Tidelift.
56+
57+ * :cve: `CVE-2020-35655 ` Fix for SGI Decode buffer overrun
58+
59+ 4 Byte Read Overflow in SGIRleDecode.c, where the code was not correctly checking the
60+ offsets and length tables. Independently reported through Tidelift and Google's OSS-Fuzz.
61+ This vulnerability covers Pillow versions 4.3.0->8.0.1.
4962
5063Dependencies
5164^^^^^^^^^^^^