BE-157/CVE-2021-28675 #15

Merged
merged 1 commit into from
Apr 14, 2023

rickprice

BE-157 CVE-2021-28675

commit 22e9bee
Author: Eric Soroos <eric-github@soroos.net>
Date: Sun Mar 7 19:04:25 2021 +0100

Fix DOS in PSDImagePlugin -- CVE-2021-28675

  • PSDImagePlugin did not sanity check the number of input layers and
    vs the size of the data block, this could lead to a DOS on
    Image.open prior to Image.load.
  • This issue dates to the PIL fork
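
The kind of check the commit message describes, as an added sketch that is not Pillow's code and not part of this pull request: the declared layer count is compared with the size of the block that must hold the records before any record is read. The 18-byte minimum record layout, the function names and the sample bytes are assumptions constructed for illustration.

```python
import io
import struct

# Assumption for this sketch: every layer record starts with a 16-byte
# bounding box and a 2-byte channel count, so it needs at least 18 bytes.
MIN_RECORD = 18


def read_exact(fp, size):
    """Read exactly `size` bytes or fail; a short read is never accepted."""
    data = fp.read(size)
    if len(data) != size:
        raise ValueError("truncated layer block")
    return data


def parse_layer_block(block):
    """Return [(bbox, channel_count), ...] from one layer-info block."""
    fp = io.BytesIO(block)  # bounded view: reads cannot run past the block
    (count,) = struct.unpack(">h", read_exact(fp, 2))
    count = abs(count)  # PSD stores the count signed; its magnitude is the layer count
    # Sanity check before looping: the declared count must fit in the block.
    if count * MIN_RECORD > len(block) - 2:
        raise ValueError(
            "layer count %d does not fit in %d-byte block" % (count, len(block))
        )
    layers = []
    for _ in range(count):
        fields = struct.unpack(">4iH", read_exact(fp, MIN_RECORD))
        top, left, bottom, right, channels = fields
        layers.append(((left, top, right, bottom), channels))
    return layers


def try_parse(block):
    """Parse a block, returning the layers or a rejection string."""
    try:
        return parse_layer_block(block)
    except ValueError as exc:
        return "rejected: %s" % exc


# Constructed inputs (not taken from any real file).
GOOD = (struct.pack(">h", 2)
        + struct.pack(">4iH", 0, 0, 10, 20, 3)
        + struct.pack(">4iH", 5, 5, 15, 25, 4))
BAD = struct.pack(">h", 32767) + b"\x00" * 36  # claims 32767 layers in 38 bytes
```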

@rickprice force-pushed the BE-157/CVE-2021-28675 branch 3 times, most recently from 5d807a8 to 0090b52, April 14, 2023 16:31
Fix DOS in PSDImagePlugin -- CVE-2021-28675

* PSDImagePlugin did not sanity check the number of input layers and
  vs the size of the data block, this could lead to a DOS on
  Image.open prior to Image.load.
* This issue dates to the PIL fork

Apply fix 8febdad
@icanhasmath merged commit 97671b5 into 6.2.x, Apr 14, 2023
@icanhasmath deleted the BE-157/CVE-2021-28675 branch, April 14, 2023 21:36