CVE-2025-48379
published 2025-07-01CVE-2025-48379: Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNIHAN
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pillow | — | — |
| python-pillow | pillow | — | — |
| python | pillow | < ef98b3510e3e4f14b547762764813d7e5ca3c5a4 | ef98b3510e3e4f14b547762764813d7e5ca3c5a4 |
| python | pillow | — | — |
| python | pillow | >= 0 < 89f1f4626a2aaf5f3d5ca6437f41def2998fbe09 | 89f1f4626a2aaf5f3d5ca6437f41def2998fbe09 |
| python | pillow | >= 11.2.0 < 11.3.0 | 11.3.0 |