This release fixes several buffer overruns and DoS attacks reported in CVE-2019-19911, CVE-2020-5310, CVE-2020-5311, CVE-2020-5312 and CVE-2020-5313.
Note
More information about this vulnerability is included in database record 2019-19911
If an FPX image reports that it has a large number of bands, a large amount of resources will be used when trying to process the image. This is fixed by limiting the number of bands to those usable by Pillow.
Note
More information about this vulnerability is included in database record 2020-5310
Overflow checks have been added when calculating the size of a memory block to be reallocated in the processing of a TIFF image.
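The kind of check described above, as an added example (not Pillow's own code): the byte count for a reallocation is computed with an overflow-checked multiply, and the old buffer stays valid on failure. The `strip_buf` type and the names `checked_mul` and `strip_buf_reserve` are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical decoder state: a growable strip buffer (not Pillow's struct). */
typedef struct {
    uint8_t *data;
    size_t size;
} strip_buf;

/* Multiply a * b into *out; return 0 on success, -1 if it would wrap size_t. */
static int checked_mul(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) {
        return -1;
    }
    *out = a * b;
    return 0;
}

/* Grow buf to hold `rows` rows of `row_bytes` bytes each.
 * Returns 0 on success, -1 on overflow or allocation failure.
 * On failure the existing buffer and its recorded size are left untouched. */
int strip_buf_reserve(strip_buf *buf, size_t rows, size_t row_bytes) {
    size_t needed;
    uint8_t *grown;

    /* Without this check, file-supplied dimensions could wrap the product
     * to a small value, so realloc succeeds but later writes overrun it. */
    if (checked_mul(rows, row_bytes, &needed) != 0) {
        return -1;
    }
    if (needed <= buf->size) {
        return 0; /* already large enough */
    }
    grown = realloc(buf->data, needed);
    if (grown == NULL) {
        return -1; /* buf->data is still valid and still owned by buf */
    }
    memset(grown + buf->size, 0, needed - buf->size); /* zero the new tail */
    buf->data = grown;
    buf->size = needed;
    return 0;
}
```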
Note
More information about this vulnerability is included in database record 2020-5311
Buffer overruns were found when processing an SGI image. Checks have been added to prevent this.
Note
More information about this vulnerability is included in database record 2020-5312
Buffer overruns were found when processing a PCX image. Checks have been added to prevent this.
Note
More information about this vulnerability is included in database record 2020-5313
Buffer overruns were found when processing an FLI image. Checks have been added to prevent this.