Diffstat (limited to 'main/py-pillow/cve-2021-23437.patch')
-rw-r--r-- | main/py-pillow/cve-2021-23437.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/main/py-pillow/cve-2021-23437.patch b/main/py-pillow/cve-2021-23437.patch
new file mode 100644
index 00000000000..0afa0f1f509
--- /dev/null
+++ b/main/py-pillow/cve-2021-23437.patch
@@ -0,0 +1,23 @@
+From 1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29 Mon Sep 17 00:00:00 2001
+From: Hugo van Kemenade <hugovk@users.noreply.github.com>
+Date: Mon, 23 Aug 2021 19:10:49 +0300
+Subject: [PATCH] Raise ValueError if color specifier is too long
+
+---
+ Tests/test_imagecolor.py | 9 +++++++++
+ src/PIL/ImageColor.py | 2 ++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/src/PIL/ImageColor.py b/src/PIL/ImageColor.py
+index 51df4404039..25f92f2c732 100644
+--- a/src/PIL/ImageColor.py
++++ b/src/PIL/ImageColor.py
+@@ -32,6 +32,8 @@ def getrgb(color):
+ :param color: A color string
+ :return: ``(red, green, blue[, alpha])``
+ """
++ if len(color) > 100:
++ raise ValueError("color specifier is too long")
+ color = color.lower()
+
+ rgb = colormap.get(color, None) |
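Review bot: The 100-character cap added at the top of `getrgb` is an unexplained magic number: nothing in the added lines says that it bounds the string before the pattern matching that presumably follows later in the function, whose body continues outside the hunk. A one-line comment above the check, such as `# Bound input length before regex matching; see CVE-2021-23437`, would keep a later refactor from relaxing or dropping it. The embedded patch header also lists `Tests/test_imagecolor.py` with 9 insertions, but only the `src/PIL/ImageColor.py` hunk is carried in this file. The upstream regression test is therefore not applied with the package, and the header no longer matches the body. Since the diffstat on this page is limited to the patch file, it is worth confirming that the package build recipe lists the patch and its checksum.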