Ubuntu Security Notice 3090-1 - It was discovered that a flaw in processing a compressed text chunk in a PNG image could cause the image to have a large size when decompressed, potentially leading to a denial of service. Andrew Drake discovered that Pillow incorrectly validated input. A remote attacker could use this to cause Pillow to crash, resulting in a denial of service. Eric Soroos discovered that Pillow incorrectly handled certain malformed FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service. Various other issues were also addressed.
c423e110ad23bb74b24341dabc7ba03ff800cb994f63644b57a221bccb5ab251