
THREATINT
PUBLISHED

CVE-2025-48379

Pillow Vulnerable to Write Buffer Overflow on BCn encoding



Description

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large image (more than 64k of encoded output with default settings) in the DDS format, because the BCn encoder writes into its output buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image; saving uncompressed DDS is not affected. This issue has been patched in version 11.3.0.
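The following is an added example, not part of this advisory and not Pillow's own code. It turns the description into two pre-save checks a practitioner can drop in front of an image-processing pipeline: a version gate for the affected range [11.2.0, 11.3.0), and an estimate of whether a given image would exceed the write buffer when encoded as BCn. It assumes that the ">64k" boundary is Pillow's default write-buffer size `ImageFile.MAXBLOCK` (65536 bytes), that Pillow's DDS save accepts the `pixel_format` keyword introduced in 11.2.0, and the standard S3TC block sizes (8 bytes per 4x4 block for DXT1, 16 bytes for DXT3/DXT5/BC2/BC3/BC5). The helper names `is_affected_version`, `bcn_payload_size`, `exceeds_write_buffer` and `save_dds_guarded` are hypothetical.

```python
"""Pre-save guard for the CVE-2025-48379 condition (added example, not Pillow API).

Assumptions (not stated by the advisory, labelled here):
  * MAXBLOCK = 65536 is Pillow's default ImageFile.MAXBLOCK and is the
    ">64k encoded with default settings" boundary the advisory describes.
  * Block sizes are the S3TC/DDS spec values for each BCn format.
  * Image.save(path, pixel_format=...) selects compressed DDS output, as
    added in Pillow 11.2.0; omitting pixel_format writes uncompressed DDS.
"""
import re
from math import ceil

AFFECTED_MIN = (11, 2, 0)   # first release with BCn DDS saving (affected)
FIXED = (11, 3, 0)          # patched release per the advisory
MAXBLOCK = 65536            # assumed default write-buffer size (ImageFile.MAXBLOCK)

# Bytes per 4x4 texel block for the BCn formats Pillow can write (spec values).
_BLOCK_BYTES = {
    "DXT1": 8,
    "DXT3": 16, "DXT5": 16,
    "BC2": 16, "BC3": 16, "BC5": 16,
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(version: str) -> tuple:
    """Reduce a version string such as '11.2.1' or '11.3.0rc1' to (major, minor, patch)."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected_version(version: str) -> bool:
    """True when the Pillow version lies in the advisory's range >= 11.2.0, < 11.3.0."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def bcn_payload_size(width: int, height: int, pixel_format: str) -> int:
    """Bytes of compressed pixel data (DDS header excluded) for a BCn-encoded image.

    Partial blocks at the right/bottom edge are still full blocks, hence ceil().
    """
    try:
        block_bytes = _BLOCK_BYTES[pixel_format.upper()]
    except KeyError:
        raise ValueError(f"not a BCn pixel_format: {pixel_format!r}") from None
    blocks = ceil(width / 4) * ceil(height / 4)
    return blocks * block_bytes


def exceeds_write_buffer(width: int, height: int, pixel_format: str,
                         maxblock: int = MAXBLOCK) -> bool:
    """True when the encoded payload is larger than the write buffer (the reported trigger)."""
    return bcn_payload_size(width, height, pixel_format) > maxblock


def save_dds_guarded(image, path: str, pixel_format: str, pillow_version: str = None) -> None:
    """Save `image` as compressed DDS, refusing the combination the advisory describes.

    `image` needs only `.size` and `.save(path, **kwargs)`, so a PIL.Image.Image
    works and so does a stand-in in tests. If `pillow_version` is None the
    installed Pillow's version is used.
    """
    if pillow_version is None:
        import PIL  # imported lazily so the checks above run without Pillow
        pillow_version = PIL.__version__
    width, height = image.size
    if is_affected_version(pillow_version) and exceeds_write_buffer(width, height, pixel_format):
        raise RuntimeError(
            f"refusing compressed DDS save: Pillow {pillow_version} is affected by "
            f"CVE-2025-48379 and a {width}x{height} {pixel_format} image encodes to "
            f"{bcn_payload_size(width, height, pixel_format)} bytes (> {MAXBLOCK}); "
            "upgrade to >= 11.3.0 or save uncompressed (omit pixel_format)"
        )
    image.save(path, pixel_format=pixel_format)
```

The size estimate is only as good as the MAXBLOCK assumption: code that raises `ImageFile.MAXBLOCK` moves the boundary, and the real fix is the 11.3.0 upgrade, not the estimate. The wrapper therefore gates on the version first and uses the size check only to avoid blocking small images on a not-yet-upgraded host.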

Reserved 2025-05-19 | Published 2025-07-01 | Updated 2025-07-01 | Assigner GitHub_M


HIGH: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)

Problem types

CWE-122: Heap-based Buffer Overflow

Product status

affected: >= 11.2.0, < 11.3.0

References

github.com/...Pillow/security/advisories/GHSA-xg8h-j46f-w952

github.com/python-pillow/Pillow/pull/9041

github.com/...ommit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4

github.com/python-pillow/Pillow/releases/tag/11.3.0

cve.org (CVE-2025-48379)

nvd.nist.gov (CVE-2025-48379)

https://cve.threatint.eu/CVE/CVE-2025-48379