File tree Expand file tree Collapse file tree 1 file changed +4
-3
lines changed
Expand file tree Collapse file tree 1 file changed +4
-3
lines changed Original file line number Diff line number Diff line change @@ -140,11 +140,12 @@ Denial of service
140140**D-1 — Decompression bomb **
141141
142142A small compressed image can expand to gigabytes in memory.
143- :py:data: `PIL.Image.MAX_IMAGE_PIXELS ` (~89 MP by default) raises
143+ :py:data: `PIL.Image.MAX_IMAGE_PIXELS ` raises
144144``DecompressionBombError `` at 2× the limit and
145145``DecompressionBombWarning `` at 1×. PNG text chunks are
146- separately capped by ``PngImagePlugin.MAX_TEXT_CHUNK `` (1 MiB) and
147- ``MAX_TEXT_MEMORY `` (64 MiB).
146+ separately capped by ``PngImagePlugin.MAX_TEXT_CHUNK `` and
147+ ``MAX_TEXT_MEMORY ``. Check the values in your installed Pillow version at
148+ runtime or in the reference/source for the current defaults.
148149
149150*Mitigations: * **never ** set ``Image.MAX_IMAGE_PIXELS = None `` in production;
150151treat ``DecompressionBombWarning `` as an error; set OS/container memory limits
You can’t perform that action at this time.
0 commit comments