CVE-2025-48379 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-48379 PUBLISHED

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.

EPSS 0.03% · 10.0th percentile

Risk Scores

EPSS Score

0.03%

10.0th percentile

Affected Products

Vendor	Product	Versions
Bitnami	pillow	11.2.0
Bitnami	pillow	11.2.0

Timeline

Jan 21, 1970 Security Advisory
Jul 1, 2025 CVE Published
Jul 1, 2025 Coalition ESS Score
Jul 1, 2025 PoC Published
Jul 2, 2025 CVE Updated
Jul 2, 2025 EPSS Score
Jul 3, 2025 Coalition ESS Score
Jul 11, 2025 EPSS Score
Jul 20, 2025 EPSS Score
Jul 30, 2025 EPSS Score
Aug 8, 2025 EPSS Score
Aug 17, 2025 EPSS Score

References

Open in Interactive Console →