GHSA-xg8h-j46f-w952: Pillow vulnerability can cause write buffer overflow on BCn encoding

There is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space.

This only affects users who save untrusted data as a compressed DDS image.

  • Unclear how large the potential write could be. It is likely limited by process segfault, so it’s not necessarily deterministic. It may be practically unbounded.
  • Unclear if there’s a restriction on the bytes that could be emitted. It’s likely that the only restriction is that the bytes would be emitted in chunks of 8 or 16.

This was introduced in Pillow 11.2.0 when the feature was added.
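As an added defensive example (not code from the advisory or from the Pillow project): a small Python guard that parses the running Pillow version, checks it against the affected range this advisory gives (>= 11.2.0, < 11.3.0), and refuses BCn-compressed DDS saves on affected builds. The `pixel_format` keyword it inspects to recognise a compressed save is assumed to be the DDS plugin's save option; the version strings in the demo are constructed, and a missing or pre-release version is treated conservatively as affected.

```python
"""Runtime guard for the Pillow DDS/BCn write overflow (CVE-2025-48379).

Added example, not from the advisory or Pillow. It answers one question:
is a BCn-compressed DDS save safe to perform with the Pillow build we have?
"""
from __future__ import annotations

import re
from typing import Any, Optional

# Affected range from the advisory: >= 11.2.0, < 11.3.0.
# Versions are compared as (major, minor, micro, is_final) so that a
# pre-release of 11.3.0 still sorts below the fixed 11.3.0 release.
AFFECTED_MIN = (11, 2, 0, 0)
FIXED_AT = (11, 3, 0, 1)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)")


def parse_version(version: str) -> tuple[int, int, int, int]:
    """Parse 'major.minor[.micro][suffix]' into a comparable tuple.

    A suffix such as 'rc1' or '.dev0' marks a pre-release (is_final = 0);
    no suffix, or a '.postN' suffix, marks a final release (is_final = 1).
    """
    m = _VERSION_RE.fullmatch(version.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, micro, suffix = m.groups()
    is_final = 1 if (not suffix or "post" in suffix) else 0
    return int(major), int(minor), int(micro or 0), is_final


def is_affected(version: str) -> bool:
    """True when the given Pillow version falls inside the advisory's range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_AT


def installed_pillow_version() -> Optional[str]:
    """Return the installed Pillow version, or None if Pillow is absent."""
    try:
        import PIL  # imported lazily so this module works without Pillow
    except ImportError:
        return None
    return getattr(PIL, "__version__", None)


def dds_save_allowed(version: Optional[str], compressed: bool) -> tuple[bool, str]:
    """Policy: block BCn-compressed DDS writes on affected (or unknown) builds.

    Uncompressed DDS writes are outside the advisory's scope and are allowed.
    """
    if not compressed:
        return True, "uncompressed DDS write; not covered by CVE-2025-48379"
    if version is None:
        return False, "Pillow version unknown; refusing compressed DDS write"
    if is_affected(version):
        return False, f"Pillow {version} is affected; upgrade to 11.3.0 or later"
    return True, f"Pillow {version} is outside the affected range"


def safe_save_dds(image: Any, fp: Any, **save_kwargs: Any) -> None:
    """Wrapper around Image.save(fp, 'DDS', ...) that applies the policy.

    ASSUMPTION: a compressed save is requested via the 'pixel_format' keyword
    (e.g. a DXT/BCn value); check this against your Pillow documentation.
    """
    compressed = "pixel_format" in save_kwargs
    allowed, reason = dds_save_allowed(installed_pillow_version(), compressed)
    if not allowed:
        raise RuntimeError(reason)
    image.save(fp, "DDS", **save_kwargs)


if __name__ == "__main__":
    # Constructed version strings exercising the boundaries of the range.
    for v in ["11.1.0", "11.2.0", "11.2.1", "11.3.0rc1", "11.3.0", "12.0.0"]:
        print(f"{v:>10}: affected={is_affected(v)}")
    print(dds_save_allowed(installed_pillow_version(), compressed=True))
```

In a service that converts user uploads, the same policy belongs in a startup check (fail fast when `installed_pillow_version()` is affected) rather than only at each save, so an affected build is never reached by untrusted data at all.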

Source: ghsa
Tags: #vulnerability #web #git #buffer_overflow

GitHub Advisory Database (GitHub Reviewed): CVE-2025-48379

Pillow vulnerability can cause write buffer overflow on BCn encoding

High severity GitHub Reviewed Published Jul 1, 2025 in python-pillow/Pillow • Updated Jul 1, 2025

Affected versions

>= 11.2.0, < 11.3.0

References

  • GHSA-xg8h-j46f-w952
  • python-pillow/Pillow#9041
  • https://github.com/python-pillow/Pillow/releases/tag/11.3.0

Published to the GitHub Advisory Database

Jul 1, 2025
