


<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
  <meta charset="utf-8">
  
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  
  <title>3.3.2 &mdash; Pillow (PIL Fork) 5.4.1 documentation</title>
  

  
  
  
  

  
  <script type="text/javascript" src="../_static/js/modernizr.min.js"></script>
  
    
      <script type="text/javascript" id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script>
        <script type="text/javascript" src="../_static/jquery.js"></script>
        <script type="text/javascript" src="../_static/underscore.js"></script>
        <script type="text/javascript" src="../_static/doctools.js"></script>
        <script type="text/javascript" src="../_static/language_data.js"></script>
        <script type="text/javascript" src="../_static/js/script.js"></script>
    
    <script type="text/javascript" src="../_static/js/theme.js"></script>

    

  
  <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
  <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
    <link rel="author" title="About these documents" href="../about.html" />
    <link rel="index" title="Index" href="../genindex.html" />
    <link rel="search" title="Search" href="../search.html" />
    <link rel="next" title="3.3.0" href="3.3.0.html" />
    <link rel="prev" title="3.4.0" href="3.4.0.html" /> 
</head>

<body class="wy-body-for-nav">

   
  <div class="wy-grid-for-nav">
    

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      


      <div class="wy-nav-content">
        
        <div class="rst-content">
        
          















          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
            
  <div class="section" id="id1">
<h1>3.3.2<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h1>
<div class="section" id="integer-overflow-in-map-c">
<h2>Integer overflow in Map.c<a class="headerlink" href="#integer-overflow-in-map-c" title="Permalink to this headline">¶</a></h2>
<p>Pillow prior to 3.3.2 may experience integer overflow errors in map.c
when reading specially crafted image files. This may lead to memory
disclosure or corruption.</p>
<p>Specifically, when parameters from the image were passed into
<code class="docutils literal notranslate"><span class="pre">Image.core.map_buffer</span></code>, the size of the image was calculated as
<code class="docutils literal notranslate"><span class="pre">xsize</span></code> * <code class="docutils literal notranslate"><span class="pre">ysize</span></code> * <code class="docutils literal notranslate"><span class="pre">bytes_per_pixel</span></code>. This product overflows if the
result is larger than SIZE_MAX, which is possible on a 32-bit system; the
computed size then no longer reflects the real size of the image data.</p>
<p>Furthermore, this <code class="docutils literal notranslate"><span class="pre">size</span></code> value was added to a potentially
attacker-provided <code class="docutils literal notranslate"><span class="pre">offset</span></code> value, and the sum was compared to the size
of the buffer without checking for overflow or negative values, so the
bounds check could pass for a region that lies outside the buffer.</p>
<p>These values were then used to create pointers, at which point
Pillow could read that memory and include its contents in other images.
The image was marked readonly, so Pillow would not ordinarily write to
that memory without duplicating the image first.</p>
<p>This issue was found by Cris Neckar at Divergent Security.</p>
</div>
<div class="section" id="sign-extension-in-storage-c">
<h2>Sign Extension in Storage.c<a class="headerlink" href="#sign-extension-in-storage-c" title="Permalink to this headline">¶</a></h2>
<p>Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for
negative image sizes in <code class="docutils literal notranslate"><span class="pre">ImagingNew</span></code> in <code class="docutils literal notranslate"><span class="pre">Storage.c</span></code>. A negative
image size can cause a smaller allocation than expected, which leads to
arbitrary writes.</p>
<p>This issue was found by Cris Neckar at Divergent Security.</p>
</div>
</div>


           </div>
           
          </div>
          <footer>
  
  

  <hr/>

  <div role="contentinfo">
    <p>
        &copy; Copyright 1995-2011 Fredrik Lundh, 2010-2018 Alex Clark and Contributors

    </p>
  </div>

</footer>

        </div>
      </div>

    </section>

  </div>
  


  <script type="text/javascript">
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(true);
      });
  </script>

  
  
    
   

</body>
</html>