Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.
History

Fri, 04 Jul 2025 00:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Tue, 01 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 01 Jul 2025 18:45:00 +0000

Type Values Removed Values Added
Description Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.
Title Pillow Vulnerable to Write Buffer Overflow on BCn encoding
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2025-07-01T18:33:30.687Z

Updated: 2025-07-01T19:42:22.348Z

Reserved: 2025-05-19T15:46:00.396Z

Link: CVE-2025-48379

cve-icon Vulnrichment

Updated: 2025-07-01T19:42:11.950Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-01T19:15:27.353

Modified: 2025-07-03T15:14:12.767

Link: CVE-2025-48379

cve-icon Redhat

Severity : Important

Publid Date: 2025-07-01T18:33:30Z

Links: CVE-2025-48379 - Bugzilla