This release catches several buffer overruns and fixes CVE-2019-16865.
In RawDecode.c, an error is now thrown if skip is calculated to be less than zero. It is intended to skip padding between lines, not to go backwards.
In PsdImagePlugin, if the combined sizes of the individual parts were larger than the declared size of the extra data field, the plugin looked for the next layer by seeking backwards. This is now corrected by seeking to (the start of the layer + the size of the extra data field) instead of (the read parts of the layer + the rest of the layer).
Decompression bomb checks have been added to GIF and ICO formats.
An error is now raised if a TIFF dimension is a string, rather than trying to perform operations on it.
CVE-2019-16865: DOS attack vulnerabilities
Note: more information about this vulnerability is included in the database record for CVE-2019-16865.
The CVE concerns DOS problems, such as consuming large amounts of memory or taking a large amount of time to process an image.
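As an added example (not Pillow's own code), the script below models the class of header check that the GIF and ICO fixes above add: it reads only the dimensions each format declares, checks every declared size against a pixel budget before any pixel buffer would be allocated, and covers the two cases that a check of the outer header alone would miss, namely a GIF frame larger than the logical screen and an ICO whose directory entry and embedded PNG header disagree. The function names, the `MAX_PIXELS` budget and the sample files are constructed for this example; the budget copies Pillow's default `MAX_IMAGE_PIXELS`, and the script applies a single hard limit where Pillow warns at that threshold and raises only at twice it.

```python
"""Pre-flight check of the pixel counts a GIF or ICO *declares* in its headers.

Added example, not Pillow's code: only headers are parsed, nothing is decoded.
"""
import struct

MAX_PIXELS = 89_478_485  # assumption: copies Pillow's default MAX_IMAGE_PIXELS


class DeclaredSizeError(ValueError):
    """A header declares more pixels than the budget allows."""


def _check(width, height, what):
    if width * height > MAX_PIXELS:
        raise DeclaredSizeError(f"{what} declares {width}x{height} pixels")
    return (width, height)


def _skip_subblocks(data, pos):
    # GIF payloads are length-prefixed sub-blocks terminated by a 0 byte.
    while True:
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n


def gif_sizes(data):
    """Return the logical-screen size followed by every frame's size.

    Each frame is checked on its own: a frame may legally be larger than the
    logical screen, so checking the screen alone is not enough."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    width, height, flags = struct.unpack_from("<HHB", data, 6)
    sizes = [_check(width, height, "GIF logical screen")]
    pos = 13
    if flags & 0x80:  # global colour table present
        pos += 3 * (2 << (flags & 0x07))
    while pos < len(data):
        block = data[pos]
        if block == 0x3B:  # trailer
            break
        if block == 0x21:  # extension: introducer, label, then sub-blocks
            pos = _skip_subblocks(data, pos + 2)
        elif block == 0x2C:  # image descriptor: left, top, width, height, flags
            fw, fh, fflags = struct.unpack_from("<HHB", data, pos + 5)
            sizes.append(_check(fw, fh, "GIF frame"))
            pos += 10
            if fflags & 0x80:  # local colour table
                pos += 3 * (2 << (fflags & 0x07))
            pos = _skip_subblocks(data, pos + 1)  # +1 skips LZW min code size
        else:
            raise ValueError(f"unknown GIF block 0x{block:02x}")
    return sizes


def ico_sizes(data):
    """Return the size each ICO entry's *embedded* image header declares.

    The 1-byte width/height in the directory entry is only a claim; the
    embedded PNG or BMP header is what a decoder would actually use."""
    reserved, kind, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or kind != 1:
        raise ValueError("not an ICO")
    sizes = []
    for i in range(count):
        offset = struct.unpack_from("<I", data, 6 + 16 * i + 12)[0]
        if data[offset:offset + 8] == b"\x89PNG\r\n\x1a\n":
            w, h = struct.unpack_from(">II", data, offset + 16)  # IHDR
        else:
            w, h = struct.unpack_from("<ii", data, offset + 4)  # BITMAPINFOHEADER
            h = abs(h) // 2  # ICO bitmaps stack the XOR and AND masks
        sizes.append(_check(w, h, f"ICO entry {i}"))
    return sizes


def is_safe_to_open(data):
    """True when every size the file declares fits the budget."""
    try:
        (gif_sizes if data[:3] == b"GIF" else ico_sizes)(data)
        return True
    except DeclaredSizeError:
        return False


# Constructed samples for this example (not real files).
def _gif(screen, frame):
    return (b"GIF89a" + struct.pack("<HHBBB", *screen, 0, 0, 0)
            + b"\x2C" + struct.pack("<HHHHB", 0, 0, *frame, 0)
            + b"\x02\x02\x44\x01\x00" + b"\x3B")


def _ico(entry_wh, png_wh):
    # One directory entry pointing at a header-only PNG at offset 22.
    png = (b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR"
           + struct.pack(">II", *png_wh) + b"\x08\x06\x00\x00\x00")
    entry = struct.pack("<BBBBHHII", *entry_wh, 0, 0, 1, 32, len(png), 22)
    return b"\x00\x00\x01\x00\x01\x00" + entry + png


GOOD_GIF = _gif((1, 1), (1, 1))
SCREEN_BOMB_GIF = _gif((65535, 65535), (1, 1))
FRAME_BOMB_GIF = _gif((1, 1), (65535, 65535))  # outer header looks harmless
GOOD_ICO = _ico((1, 1), (1, 1))
LYING_ICO = _ico((1, 1), (65535, 65535))  # directory says 1x1, IHDR disagrees

if __name__ == "__main__":
    for name, sample in [("good gif", GOOD_GIF), ("screen bomb", SCREEN_BOMB_GIF),
                         ("frame bomb", FRAME_BOMB_GIF), ("good ico", GOOD_ICO),
                         ("lying ico", LYING_ICO)]:
        print(f"{name:12s} safe={is_safe_to_open(sample)}")
```

The point of the frame and ICO samples is that the first dimensions a parser meets are not the ones that govern allocation; a check that stops at the outer header would pass both files. Used as a gate in front of a real decoder, this kind of pre-flight is a complement to the library's own limit, not a replacement for it.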
stroke_width and stroke_fill arguments have been added to text drawing operations. They allow text to be outlined, setting the width of the stroke and its color respectively. If not provided, stroke_fill defaults to the fill parameter:
from PIL import Image, ImageDraw, ImageFont

font = ImageFont.truetype("Tests/fonts/FreeMono.ttf", 40)

# Measuring text: the stroke adds to the reported size
font.getsize("A", stroke_width=2)
font.getsize_multiline("ABC\nAaaa", stroke_width=2)

im = Image.new("RGB", (100, 100))
draw = ImageDraw.Draw(im)
draw.textsize("A", font, stroke_width=2)
draw.multiline_textsize("ABC\nAaaa", font, stroke_width=2)

# Drawing text: red fill with a 2-pixel green outline
draw.text((10, 10), "A", "#f00", font, stroke_width=2, stroke_fill="#0f0")
draw.multiline_text((10, 10), "A\nB", "#f00", font,
                    stroke_width=2, stroke_fill="#0f0")
For example:
from PIL import Image, ImageDraw, ImageFont
im = Image.new("RGB", (120, 130))
draw = ImageDraw.Draw(im)
font = ImageFont.truetype("Tests/fonts/FreeMono.ttf", 120)
draw.text((10, 10), "A", "#f00", font, stroke_width=2, stroke_fill="#0f0")
creates an image of a red "A" with a 2-pixel green outline.
An all_screens argument has been added to ImageGrab.grab. If True, all monitors will be included in the created image.
To allow for lazy loading of Exif data, Image.getexif() now returns a shared instance of Image.Exif.
There has been a longstanding warning that the defaults of Image.frombuffer may change in the future for the "raw" decoder. The change will now take place in Pillow 7.0.
.exe installers fell out of favour with PEP 527, and will be deprecated in Python 3.8. Pillow will no longer be distributing them. Wheels should be used instead.
When building libwebp for inclusion in wheels, Pillow now adds the -O3 and -DNDEBUG CFLAGS. These flags would be used by default if building libwebp without debugging, and using them fixes a significant decrease in speed when a wheel-installed copy of Pillow performs libwebp operations.