This bug appears to have been introduced with `pillow-
CVE-2014-9601.patch` as part of `2.3.0-1ubuntu3.2`.
This patch was sourced (at least partially) from this Pillow commit:
https://github.com/python-
pillow/Pillow/commit/0b75526ffe41a4697231beb8b5740617c98f290b
However, this commit occurs after an earlier commit that changes all
instances of `len` to `length`, to prevent shadowing:
https://github.com/python-
pillow/Pillow/commit/d594c0241aabeda6725fefc44ccc7f945c0464c9
As such, it crashes whenever you try to read any PNG with a text chunk.
Since this is specifically the use-case the CVE patch was designed for,
I find it surprising that apparently nobody tested it.
I have created and attached a patch for `2.3.0-1ubuntu3.2` that works on
the PNG's I've tried. Instead of renaming all instances of `len`, it
just does the minimal changes needed to get this to work. It's up to you
guys whether you'd rather follow upstream or not, but please fix this
fast, because this is a pretty serious bug.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9601
** Attachment added: "fix for text chunk loading"
https://bugs.launchpad.net/ubuntu/+source/pillow/+bug/1628351/+attachment/4751405/+files/fix-CVE-2014-9601.patch.txt
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1628351
Title:
PNG loading degraded
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pillow/+bug/1628351/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
