File tree 1 file changed +21
-3
lines changed
1 file changed +21
-3
lines changed Original file line number Diff line number Diff line change @@ -100,10 +100,28 @@ argument will also now be supported, e.g. ``im.show(title="My Image")`` and
100100Security
101101========
102102
103- TODO
104- ^^^^
103+ Ensure JpegImagePlugin stops at the end of a truncated file
104+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
105105
106- TODO
106+ ``JpegImagePlugin `` may append an EOF marker to the end of a truncated file, so that
107+ the last segment of the data will still be processed by the decoder.
108+
109+ If the EOF marker is not detected as such however, this could lead to an infinite
110+ loop where ``JpegImagePlugin `` keeps trying to end the file.
111+
112+ Remove consecutive duplicate tiles that only differ by their offset
113+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
114+
115+ To prevent attempts to slow down loading times for images, if an image has consecutive
116+ duplicate tiles that only differ by their offset, only load the last tile. Credit to
117+ Google's `OSS-Fuzz `_ project for finding this issue.
118+
119+ Fixed ImagePath.Path array handling
120+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
121+
122+ CWE-126 and CWE-665 were found when initializing ``ImagePath.Path ``.
123+
124+ .. _OSS-Fuzz : https://github.com/google/oss-fuzz
107125
108126Other Changes
109127=============
You can’t perform that action at this time.
0 commit comments