PT-2025-27574 · Pillow+1

Radarhere · Published 2025-07-01 · Updated 2025-10-29 · CVE-2025-48379

CVSS v3.1: 7.1 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Pillow versions 11.2.0 through 11.2.x
Description: The issue is a heap buffer overflow that occurs when writing a sufficiently large image in the DDS format. This happens because the library writes into a buffer without checking for available space. The issue only affects users who save untrusted data as a compressed DDS image.
Recommendations: For Pillow versions 11.2.0 through 11.2.x, update to version 11.3.0 to resolve the issue. As a temporary workaround, consider avoiding the saving of untrusted data as compressed DDS images until the update is applied.
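One way to enforce the workaround above inside an application that wraps Pillow, as an added example that is not part of this advisory or of Pillow itself. It assumes that the compressed DDS writer is selected through a `pixel_format` save option and takes the Pillow version as a string, so it runs without Pillow installed.

```python
# Added example (not from the advisory or the Pillow project): a policy gate that
# enforces the advisory's workaround. Assumed: Pillow's DDS writer selects block
# compression via the `pixel_format` save option; vulnerable range is 11.2.0-11.2.x.

def parse_version(version: str) -> tuple:
    """Turn '11.2.1' into (11, 2, 1); non-numeric tails such as '11.3.0rc1' are cut off."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def is_vulnerable_version(version: str) -> bool:
    """Pillow 11.2.0 through 11.2.x is affected; 11.3.0 carries the fix."""
    v = parse_version(version)
    return (11, 2) <= v[:2] < (11, 3)


def is_compressed_dds_save(fmt: str, save_options: dict) -> bool:
    """True when a save call would reach the DDS block-compression writer."""
    return fmt.upper() == "DDS" and bool(save_options.get("pixel_format"))


def check_dds_save(pillow_version: str, fmt: str, save_options: dict,
                   untrusted_input: bool) -> str:
    """Return 'allow' or 'block' following the advisory's recommendations."""
    if not is_compressed_dds_save(fmt, save_options):
        return "allow"   # uncompressed DDS and other formats are out of scope
    if not untrusted_input:
        return "allow"   # the advisory scopes the issue to untrusted data
    if is_vulnerable_version(pillow_version):
        return "block"   # apply the workaround until upgraded to 11.3.0
    return "allow"
```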

Weakness Enumeration

Heap Based Buffer Overflow

Related Identifiers

ALT-PU-2025-13082
BDU:2026-00152
BIT-PILLOW-2025-48379
CVE-2025-48379
GHSA-XG8H-J46F-W952
OPENSUSE-SU-2025:15316-1
PYSEC-2025-61

Affected Products

Alt Linux
Pillow