2 changes: 1 addition & 1 deletion docs/releasenotes/12.2.0.rst
Expand Up @@ -25,7 +25,7 @@ these checks did not consider integer overflow. This has been corrected.

When parsing a PDF, if a trailer refers to itself, or a more complex cyclic loop
exists, then an infinite loop occurs. Pillow now keeps a record of which trailers it
has already processed. PdfParser was added in Pillow 4.2.0.
has already processed. PdfParser was added in Pillow 5.1.0.

:cve:`2026-42308`: Integer overflow when processing fonts
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
91 changes: 71 additions & 20 deletions docs/releasenotes/12.3.0.rst
Expand Up @@ -4,39 +4,84 @@
Security
========

TODO
^^^^
Prevent decompression bomb when parsing PDF
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

TODO
When parsing a PDF, ``PdfStream.decode()`` attempts to decompress data without any
limit. A default maximum of ``ImageFile.SAFEBLOCK`` has been added. ``PdfParser`` was
added in Pillow 5.1.0. Reported by `redyank <https://github.com/redyank>`__.

:cve:`YYYY-XXXXX`: TODO
:cve:`2026-55798`: WindowsViewer.get_command injection
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If an attacker has control over the path passed to
``ImageShow.WindowsViewer.get_command()``, and the result is executed by the user, the
attacker may be able to execute arbitrary shell commands. Reported by Bin Luo,
University of Electronic Science and Technology of China (luob87709@gmail.com).

EPS image infinite loop
^^^^^^^^^^^^^^^^^^^^^^^

TODO
If a negative byte count is specified for the BeginBinary byte count, an infinite loop
is possible as Pillow seeks repeatedly backwards. This value will now be validated.
BeginBinary parsing was only added in Pillow 12.0.0. Reported by
`jiagongzheng-stack <https://github.com/jiagongzheng-stack>`__.

JPEG2000 image memory usage
^^^^^^^^^^^^^^^^^^^^^^^^^^^

The total component width was incorrectly accumulated across tiles within a JPEG2000
image, potentially leading to excessive memory use. This was introduced as part of an
earlier security fix in Pillow 8.2.0, but has now been fixed. Reported by Fr3v1.

McIdas out-of-bounds (OOB) read
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

McIdas images can specify the stride, and if incorrectly set, may cause an OOB read.
This has been fixed. Reported by Devansh Shah, RUDRA Cybersecurity Pvt. Ltd.

Backwards incompatible changes
==============================
Out-of-bounds (OOB) read when saving 1 mode TGA images
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

TODO
^^^^
Saving 1 mode images as TGA with run-length encoding can trigger an OOB read. This was
added in Pillow 5.2.0, but the functionality is not possible under the TGA
specification, so it has been removed. Reported by
`Seratov <https://github.com/Seratov>`__.

TODO
Out-of-bounds (OOB) write from large RankFilter sizes
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

:py:class:`~PIL.ImageFilter.RankFilter`, and its subclasses, can potentially write
out-of-bounds if given a large size. This has been fixed. Reported by
`Seratov <https://github.com/Seratov>`__.

Out-of-bounds (OOB) write from ``Image.paste()``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations
============
Large paste box dimensions can cause an OOB write in ``Image.crop()``,
``Image.paste()`` and ``Image.alpha_composite()``. This has been fixed. Reported by
`Seratov <https://github.com/Seratov>`__.

TODO
^^^^
Out-of-bounds (OOB) write in ``ImageCmsTransform``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

TODO
Apply a transform mode to a different image mode can trigger an OOB write in
``ImageCmsTransform``. Errors are now raised if the mode does not match. Reported by
`Seratov <https://github.com/Seratov>`__.

API changes
===========
:cve:`2026-54059`, :cve:`2026-54060`, :cve:`2026-55379`: Prevent FontFile decompression bomb
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

TODO
^^^^
Decompression bomb checks have now been added to :py:class:`~PIL.FontFile.FontFile`,
and its subclasses, checking the width and height of characters. Reported by Rahul
Singh and Dinesh.

TODO
:cve:`2026-55380`: Prevent GD decompression bomb
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

A decompression bomb check has been added to :py:class:`~PIL.GdImageFile.GdImageFile`.
This is format must be explicitly called though, rather than being accessible from
``Image.open()``. Reported by Rahul Singh.

API additions
=============
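Review bot: The GD paragraph near the end of this hunk is ungrammatical and the meaning is lost: "This is format must be explicitly called though, rather than being accessible from ``Image.open()``" should read along the lines of "This format is not registered with ``Image.open()`` and must be opened explicitly through ``GdImageFile``, so only callers that use the class directly are exposed." Three smaller points in the same hunk: the ``ImageCmsTransform`` entry opens with "Apply a transform mode to a different image mode", which should be "Applying a transform to an image whose mode does not match the transform's mode"; the heading "Out-of-bounds (OOB) write from ``Image.paste()``" is narrower than its body, which also names ``Image.crop()`` and ``Image.alpha_composite()``, so the heading should cover all three or the body should say why paste is the primary entry; and in the TGA entry "This was added in Pillow 5.2.0" has an ambiguous antecedent, better written as "Run-length encoding of 1 mode TGA images was added in Pillow 5.2.0". The ``PdfStream.decode()`` entry at the top of the hunk states the new default of ``ImageFile.SAFEBLOCK`` but not what a caller sees when the limit is hit, which matters for anyone deciding whether to catch it; see the note on the API additions hunk below.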
Expand All @@ -51,6 +96,12 @@ default, images will be captured at 2x. If ``scale_down`` is ``True``, they will

Previously, macOS screenshots with a ``bbox`` were captured at 1x by default.

Added ``max_length`` argument to ``PdfStream.decode()``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

When calling ``PdfStream.decode()``, the maximum length of data to decode can now be
specified. This will default to ``ImageFile.SAFEBLOCK``.

Other changes
=============

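Review bot: The ``max_length`` entry documents the new argument and its ``ImageFile.SAFEBLOCK`` default but not the behaviour when the decoded data exceeds it, and the Security section above relies on this default as its decompression-bomb defence. State whether an exception is raised (and which one) or the output is truncated, and whether passing ``None`` or a larger value lifts the limit for trusted input, so callers know what to catch and how to opt out deliberately rather than by guessing.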