CVE-2025-48379 – pillow

Package

Manager: pip
Name: pillow
Vulnerable Version: >=11.2.0 <11.3.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00017 pctl0.02794

Details

Pillow vulnerability can cause write buffer overflow on BCn encoding There is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. * Unclear how large the potential write could be. It is likely limited by process segfault, so it's not necessarily deterministic. It may be practically unbounded. * Unclear if there's a restriction on the bytes that could be emitted. It's likely that the only restriction is that the bytes would be emitted in chunks of 8 or 16. This was introduced in Pillow 11.2.0 when the feature was added.

Metadata

Created: 2025-07-01T17:29:37Z
Modified: 2025-07-02T14:20:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-xg8h-j46f-w952/GHSA-xg8h-j46f-w952.json
CWE IDs: ["CWE-122"]
Alternative ID: GHSA-xg8h-j46f-w952
Finding: F184
Auto approve: 1