Published May 17, 2022 | Version 9.1.1
Software
Open
python-pillow/Pillow: 9.1.1
Creators
- Hugo van Kemenade (Nord Software)
- Andrew Murray
- wiredfool
- Jeffrey A. Clark, "Alex" (ACLARK.NET, LLC)
- Alexander Karpinsky (Uploadcare)
- Ondrej Baranovič
- Christoph Gohlke (University of California, Irvine)
- Jon Dufresne (Pioneer Valley Books)
- DWesl
- David Schmidt
- Konstantin Kopachev (@groupninemedia)
- Alastair Houghton (@apple)
- Sandro Mani (@sourcepole)
- Steve Landey (Asana, but not on this account)
- vashek
- Josh Ware (Primary Health Care Ltd)
- Jason Douglas (Step Mobile)
- Stanislau T.
- David Caro
- Uriel Martinez (You-i Lab)
- Steve Kossouho
- Riley Lahd
- Antony Lee
- Eric W. Brown (Iotopia Solutions, Inc.)
- Oliver Tonnhofer (Omniscale)
- Piolie
- Mickael Bonfill (@Unity-Technologies)
- Max Base (@GitHub Open Source Maintainer)
- Peter Rowlands (변기호)
Description
This release addresses several security problems.
CVE-2022-30595: When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow.
Opening an image with a zero or negative height has been found to bypass a decompression bomb check. This will now raise a `SyntaxError` instead, in turn raising a `PIL.UnidentifiedImageError`.
Files (50.5 MB)
Name | Size |
---|---|
python-pillow/Pillow-9.1.1.zip (md5:9efb8ed36020dedf514daa7bd95441b6) | 50.5 MB |
Additional details
Related works
- Is supplement to: https://github.com/python-pillow/Pillow/tree/9.1.1 (URL)