Diffstat (limited to 'main/py-pillow/cve-2021-23437.patch')
-rw-r--r--main/py-pillow/cve-2021-23437.patch23
1 files changed, 23 insertions, 0 deletions
diff --git a/main/py-pillow/cve-2021-23437.patch b/main/py-pillow/cve-2021-23437.patch
new file mode 100644
index 00000000000..0afa0f1f509
--- /dev/null
+++ b/main/py-pillow/cve-2021-23437.patch
@@ -0,0 +1,23 @@
+From 1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29 Mon Sep 17 00:00:00 2001
+From: Hugo van Kemenade <hugovk@users.noreply.github.com>
+Date: Mon, 23 Aug 2021 19:10:49 +0300
+Subject: [PATCH] Raise ValueError if color specifier is too long
+
+---
+ Tests/test_imagecolor.py | 9 +++++++++
+ src/PIL/ImageColor.py | 2 ++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/src/PIL/ImageColor.py b/src/PIL/ImageColor.py
+index 51df4404039..25f92f2c732 100644
+--- a/src/PIL/ImageColor.py
++++ b/src/PIL/ImageColor.py
+@@ -32,6 +32,8 @@ def getrgb(color):
+ :param color: A color string
+ :return: ``(red, green, blue[, alpha])``
+ """
++ if len(color) > 100:
++ raise ValueError("color specifier is too long")
+ color = color.lower()
+
+ rgb = colormap.get(color, None)
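Review bot: The embedded patch header still lists `Tests/test_imagecolor.py | 9 +++++++++` and `2 files changed, 11 insertions(+)`, but the 23 added lines carry only the `src/PIL/ImageColor.py` hunk, so the upstream regression test for the length check does not ship with this backport. If the test hunk was dropped on purpose, say so in the patch preamble (for example `Tests/ hunk dropped for the packaged source`) and trim the stale diffstat so the header matches the body. The `len(color) > 100` guard also runs before `color.lower()`, so a non-string argument now fails in `len()` rather than in `.lower()`; that is harmless, but a one-line comment such as `# cap input length before the pattern matching below (CVE-2021-23437)` would tell the next maintainer why the bound exists and that it must stay ahead of the parsing code. The guard limits input size only; the matching code it protects lies in the rest of `getrgb`, which continues outside this hunk and is unchanged here.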