From release notes:

Clear PPM half token after use
==============================

Image files that are small on disk are often prevented from expanding to be big images consuming a large amount of resources simply because they lack the data to populate those resources.

PpmImagePlugin might hold onto the last data read for a pixel value in case the pixel value has not been finished yet. However, that data was not being cleared afterwards, meaning that infinite data could be available to fill any image size. This has been present since Pillow 9.2.0.

That data is now cleared after use.

Saving TIFF tag ImageSourceData
===============================

If Pillow incorrectly saved the TIFF tag ImageSourceData as ASCII instead of UNDEFINED, a segmentation fault was triggered. The correct tag type will now be used by default instead.
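The release notes above rely on a small file lacking the data to fill a large image. As an added example (not Pillow's code and not part of the original comment), the following decoder-independent pre-check compares the dimensions declared in a Netpbm header with the bytes actually present; the function names are hypothetical and the sample inputs in the tests are constructed.

```python
# Samples per pixel by Netpbm magic number; P1-P3 are the plain (ASCII) variants.
CHANNELS = {b"P1": 1, b"P2": 1, b"P3": 3, b"P4": 1, b"P5": 1, b"P6": 3}


def _token(data, pos):
    """Skip whitespace and '#' comments, then return (token, end offset)."""
    while pos < len(data):
        if data[pos:pos + 1] == b"#":
            while pos < len(data) and data[pos:pos + 1] not in (b"\r", b"\n"):
                pos += 1
        elif data[pos:pos + 1].isspace():
            pos += 1
        else:
            break
    end = pos
    while end < len(data) and not data[end:end + 1].isspace():
        end += 1
    if end == pos:
        raise ValueError("truncated Netpbm header")
    return data[pos:end], end


def min_raster_bytes(magic, width, height, maxval):
    """Fewest raster bytes a well-formed file of these dimensions can contain."""
    samples = width * height * CHANNELS[magic]
    if magic == b"P1":               # one '0'/'1' per pixel, separators optional
        return samples
    if magic in (b"P2", b"P3"):      # >= 1 digit per sample, whitespace between
        return max(2 * samples - 1, 0)
    if magic == b"P4":               # rows of packed bits, padded to whole bytes
        return (width + 7) // 8 * height
    return samples * (1 if maxval < 256 else 2)   # P5/P6 binary samples


def has_enough_data(data):
    """True if the bytes after the header could fill the declared image."""
    magic, pos = _token(data, 0)
    if magic not in CHANNELS:
        raise ValueError("not a Netpbm file")
    fields = []
    for _ in range(2 if magic in (b"P1", b"P4") else 3):
        tok, pos = _token(data, pos)
        if not tok.isdigit():
            raise ValueError("non-numeric header field")
        fields.append(int(tok))
    maxval = fields[2] if len(fields) == 3 else 1
    available = max(len(data) - pos - 1, 0)  # one whitespace byte ends the header
    return available >= min_raster_bytes(magic, fields[0], fields[1], maxval)
```

A file that fails this check can be rejected before it reaches any image decoder, whatever Pillow version is installed.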
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=816096872d7a07e6233fbe06019e8382ea181358

commit 816096872d7a07e6233fbe06019e8382ea181358
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-05 07:36:46 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-05 07:37:30 +0000

    [ GLSA 202405-12 ] Pillow: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/889594
    Bug: https://bugs.gentoo.org/903664
    Bug: https://bugs.gentoo.org/916907
    Bug: https://bugs.gentoo.org/922577
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-12.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)