From fe06d419fc7071fd972e715df000a01231b7f660 Mon Sep 17 00:00:00 2001 From: Andrew Murray Date: Sun, 17 Mar 2024 18:30:56 +1100 Subject: [PATCH] Added heading --- docs/releasenotes/9.1.1.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/releasenotes/9.1.1.rst b/docs/releasenotes/9.1.1.rst index d538e88c0..746bec4d4 100644 --- a/docs/releasenotes/9.1.1.rst +++ b/docs/releasenotes/9.1.1.rst @@ -14,6 +14,9 @@ Pillow reads the information past the end of the first line without deducting th from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow. +Decompression bomb check fix +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + Opening an image with a zero or negative height has been found to bypass a decompression bomb check. This will now raise a :py:exc:`SyntaxError` instead, in turn raising a ``PIL.UnidentifiedImageError``.