diff -rupN --no-dereference Pillow-5.4.1/src/PIL/FpxImagePlugin.py Pillow-5.4.1-new/src/PIL/FpxImagePlugin.py
--- Pillow-5.4.1/src/PIL/FpxImagePlugin.py 2019-01-06 13:12:16.000000000 +0100
+++ Pillow-5.4.1-new/src/PIL/FpxImagePlugin.py 2020-02-13 14:44:21.750013854 +0100
@@ -101,7 +101,10 @@ class FpxImageFile(ImageFile.ImageFile):
 s = prop[0x2000002 | id]
 colors = []
- for i in range(i32(s, 4)):
+ bands = i32(s, 4)
+ if bands > 4:
+ raise IOError("Invalid number of bands")
+ for i in range(bands):
 # note: for now, we ignore the "uncalibrated" flag
 colors.append(i32(s, 8+i*4) & 0x7fffffff)
diff -rupN --no-dereference Pillow-5.4.1/Tests/test_file_fpx.py Pillow-5.4.1-new/Tests/test_file_fpx.py
--- Pillow-5.4.1/Tests/test_file_fpx.py 2019-01-06 13:12:16.000000000 +0100
+++ Pillow-5.4.1-new/Tests/test_file_fpx.py 2020-02-13 14:44:21.750013854 +0100
@@ -22,6 +22,10 @@ class TestFileFpx(PillowTestCase):
 self.assertRaises(SyntaxError, FpxImagePlugin.FpxImageFile, ole_file)
+ def test_fpx_invalid_number_of_bands(self):
+ with self.assertRaisesRegex(IOError, "Invalid number of bands"):
+ Image.open("Tests/images/input_bw_five_bands.fpx")
+
 if __name__ == '__main__':
 unittest.main()
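Review bot: The new `bands > 4` guard in FpxImagePlugin.py caps the loop count but still trusts the length of `s`: `i32(s, 8+i*4)` reads up to offset 8 + 4*bands with no visible check that the property value is that long. A truncated file would presumably fail with whatever `i32` raises (it is defined outside the hunk) rather than the IOError that callers handle. Assuming `s` is bytes-like, the length could be folded into the guard, `if bands > 4 or len(s) < 8 + 4 * bands:`, with a comment such as `# band count comes from the file and drives the loop below; reject values the format cannot have`. The enclosing method starts and ends outside the hunk, so any later validation of `colors` is not visible here.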
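Review bot: The new test in Tests/test_file_fpx.py opens `Tests/images/input_bw_five_bands.fpx`, but no entry for that fixture is visible in this patch. Unless it is shipped separately, the open fails with a file-not-found error, which is itself an IOError on Python 3, so the failure would surface as a regex mismatch rather than as a missing file. The hunk also calls `Image.open` without adding an import; the import block is outside the hunk, so if the module lacks `from PIL import Image` the test errors with NameError. `assertRaisesRegex` carries that name only on Python 3, so a Python 2 build would need `assertRaisesRegexp` unless the test base class provides an alias.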