Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.
Metrics
Affected Vendors & Products
References
History
Fri, 04 Jul 2025 00:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Tue, 01 Jul 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 01 Jul 2025 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0. | |
Title | Pillow Vulnerable to Write Buffer Overflow on BCn encoding | |
Weaknesses | CWE-122 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitHub_M
Published: 2025-07-01T18:33:30.687Z
Updated: 2025-07-01T19:42:22.348Z
Reserved: 2025-05-19T15:46:00.396Z
Link: CVE-2025-48379

Updated: 2025-07-01T19:42:11.950Z

Status : Awaiting Analysis
Published: 2025-07-01T19:15:27.353
Modified: 2025-07-03T15:14:12.767
Link: CVE-2025-48379
