- Description
- Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.1
- Impact score
- 5.2
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-122
- Hype score
- Not currently trending
🚨 Critical Heap Buffer Overflow Vulnerability in Pillow - CVE-2025-48379. Update to version 11.3.0 or later to mitigate the risk. If unable to update, avoid processing untrusted DDS images and implement additional validation measures. 🔧 Read more: https://t.co/Q9IFWtZvQW h
@vulert_official
2 Jul 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48379 Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default … https://t.co/dK9Y6ZzLIJ
@CVEnew
1 Jul 2025
399 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes