CVE-2025-48379

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-48379

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48379.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-48379

Aliases

Related

Published

2025-07-01T18:33:30.687Z

Modified

2025-12-05T10:18:08.488706Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

Pillow Vulnerable to Write Buffer Overflow on BCn encoding

Details

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.

Database specific

{
    "cwe_ids": [
        "CWE-122"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48379.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/python-pillow/pillow

Affected ranges

Type: GIT
Repo: https://github.com/python-pillow/pillow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

89f1f4626a2aaf5f3d5ca6437f41def2998fbe09

Fixed

ef98b3510e3e4f14b547762764813d7e5ca3c5a4

Affected versions

1.*

1.0

1.2

1.7.6

1.7.7

1.7.8

10.*

10.0.0

10.1.0

10.2.0

10.3.0

10.4.0

11.*

11.0.0

11.1.0

11.2.1

2.*

2.0.0

2.1.0

2.2.0

2.2.1

2.2.2

2.3.0

2.5.0

2.6.0

2.6.0-rc1

2.7.0

2.8.0

2.8.1

2.9.0

2.9.0.dev0

2.9.0.dev1

2.9.0.dev2

3.*

3.0.0

3.1.0

3.1.0-rc1

3.2.0

3.3.0

3.3.1

3.4.0

4.*

4.0.0

4.0.0a

4.1.0

4.2.0

4.3.0

5.*

5.0.0

5.1.0

5.2.0

5.3.0

5.4.0

6.*

6.0.0

6.1.0

6.2.0

7.*

7.0.0

7.1.0

7.2.0

8.*

8.0.0

8.1.0

8.2.0

8.3.0

8.4.0

9.*

9.0.0

9.1.0

9.2.0

9.3.0

9.4.0

9.5.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48379.json"

vanir_signatures

[
    {
        "deprecated": false,
        "id": "CVE-2025-48379-9d8639d6",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "1460723953953916237000772780993437358",
                "262010335039141647947683660503617336656",
                "58144948068747468342078331403230676652",
                "204231485735867392982528533877261618081"
            ]
        },
        "source": "https://github.com/python-pillow/pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4",
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "src/libImaging/BcnEncode.c"
        }
    },
    {
        "deprecated": false,
        "id": "CVE-2025-48379-d8fe69e0",
        "digest": {
            "length": 900.0,
            "function_hash": "124770330357352352519384856536618134204"
        },
        "source": "https://github.com/python-pillow/pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4",
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "src/libImaging/BcnEncode.c",
            "function": "ImagingBcnEncode"
        }
    }
]