rpms / python-pillow

Clone
Source Code
GIT

Blame CVE-2021-2792x.patch

epel9 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 main rawhide
  1.   9d3a3d47fde8c51dcfd88263937a3b8e338e7659
  2.   CVE-2021-2792x.patch
Blob History Raw
12fb7c3 
diff -rupN --no-dereference Pillow-7.2.0/src/PIL/BlpImagePlugin.py Pillow-7.2.0-new/src/PIL/BlpImagePlugin.py
12fb7c3 
--- Pillow-7.2.0/src/PIL/BlpImagePlugin.py	2020-06-30 09:50:35.000000000 +0200
b666aef 
+++ Pillow-7.2.0-new/src/PIL/BlpImagePlugin.py	2021-05-24 15:38:11.071397292 +0200
ca73b5f 
@@ -353,6 +353,7 @@ class BLP1Decoder(_BLPBaseDecoder):
ca73b5f 
         data = jpeg_header + data
ca73b5f 
         data = BytesIO(data)
ca73b5f 
         image = JpegImageFile(data)
ca73b5f 
+        Image._decompression_bomb_check(image.size)
ca73b5f 
         self.tile = image.tile  # :/
ca73b5f 
         self.fd = image.fp
ca73b5f 
         self.mode = image.mode
12fb7c3 
diff -rupN --no-dereference Pillow-7.2.0/src/PIL/IcnsImagePlugin.py Pillow-7.2.0-new/src/PIL/IcnsImagePlugin.py
12fb7c3 
--- Pillow-7.2.0/src/PIL/IcnsImagePlugin.py	2020-06-30 09:50:35.000000000 +0200
b666aef 
+++ Pillow-7.2.0-new/src/PIL/IcnsImagePlugin.py	2021-05-24 15:38:11.071397292 +0200
ca73b5f 
@@ -106,6 +106,7 @@ def read_png_or_jpeg2000(fobj, start_len
ca73b5f 
     if sig[:8] == b"\x89PNG\x0d\x0a\x1a\x0a":
ca73b5f 
         fobj.seek(start)
ca73b5f 
         im = PngImagePlugin.PngImageFile(fobj)
ca73b5f 
+        Image._decompression_bomb_check(im.size)
ca73b5f 
         return {"RGBA": im}
ca73b5f 
     elif (
ca73b5f 
         sig[:4] == b"\xff\x4f\xff\x51"
ca73b5f 
@@ -122,6 +123,7 @@ def read_png_or_jpeg2000(fobj, start_len
ca73b5f 
         jp2kstream = fobj.read(length)
ca73b5f 
         f = io.BytesIO(jp2kstream)
ca73b5f 
         im = Jpeg2KImagePlugin.Jpeg2KImageFile(f)
ca73b5f 
+        Image._decompression_bomb_check(im.size)
ca73b5f 
         if im.mode != "RGBA":
ca73b5f 
             im = im.convert("RGBA")
ca73b5f 
         return {"RGBA": im}
12fb7c3 
diff -rupN --no-dereference Pillow-7.2.0/src/PIL/IcoImagePlugin.py Pillow-7.2.0-new/src/PIL/IcoImagePlugin.py
12fb7c3 
--- Pillow-7.2.0/src/PIL/IcoImagePlugin.py	2020-06-30 09:50:35.000000000 +0200
b666aef 
+++ Pillow-7.2.0-new/src/PIL/IcoImagePlugin.py	2021-05-24 15:38:11.071397292 +0200
ca73b5f 
@@ -174,6 +174,7 @@ class IcoFile:
ca73b5f 
         if data[:8] == PngImagePlugin._MAGIC:
ca73b5f 
             # png frame
ca73b5f 
             im = PngImagePlugin.PngImageFile(self.buf)
ca73b5f 
+            Image._decompression_bomb_check(im.size)
ca73b5f 
         else:
ca73b5f 
             # XOR + AND mask bmp frame
ca73b5f 
             im = BmpImagePlugin.DibImageFile(self.buf)
12fb7c3 
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_file_icns.py Pillow-7.2.0-new/Tests/test_file_icns.py
12fb7c3 
--- Pillow-7.2.0/Tests/test_file_icns.py	2020-06-30 09:50:35.000000000 +0200
b666aef 
+++ Pillow-7.2.0-new/Tests/test_file_icns.py	2021-05-24 15:38:11.071397292 +0200
12fb7c3 
@@ -138,3 +138,8 @@ def test_not_an_icns_file():
12fb7c3 
     with io.BytesIO(b"invalid\n") as fp:
12fb7c3 
         with pytest.raises(SyntaxError):
12fb7c3 
             IcnsImagePlugin.IcnsFile(fp)
ca73b5f 
+
12fb7c3 
+def test_icns_decompression_bomb():
12fb7c3 
+    with pytest.raises(Image.DecompressionBombError):
12fb7c3 
+        im = Image.open('Tests/images/oom-8ed3316a4109213ca96fb8a256a0bfefdece1461.icns')
12fb7c3 
+        im.load()
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.