cvelistv5 - cve-2025-48379

CVE-2025-48379 (GCVE-0-2025-48379)

Vulnerability from cvelistv5

Published

2025-07-01 18:33

Modified

2025-07-01 19:42

Severity ?

7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Summary

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.

References

►

URL

Tags

	security-advisories@github.com	https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4
	security-advisories@github.com	https://github.com/python-pillow/Pillow/pull/9041
	security-advisories@github.com	https://github.com/python-pillow/Pillow/releases/tag/11.3.0
	security-advisories@github.com	https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952

Impacted products

	Vendor	Product	Version
	python-pillow	Pillow	Version: >= 11.2.0, < 11.3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48379",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-01T19:42:09.269034Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-01T19:42:22.348Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pillow",
          "vendor": "python-pillow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 11.2.0, \u003c 11.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (\u003e64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-01T18:33:30.687Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952"
        },
        {
          "name": "https://github.com/python-pillow/Pillow/pull/9041",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/python-pillow/Pillow/pull/9041"
        },
        {
          "name": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4"
        },
        {
          "name": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0"
        }
      ],
      "source": {
        "advisory": "GHSA-xg8h-j46f-w952",
        "discovery": "UNKNOWN"
      },
      "title": "Pillow Vulnerable to Write Buffer Overflow on BCn encoding"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-48379",
    "datePublished": "2025-07-01T18:33:30.687Z",
    "dateReserved": "2025-05-19T15:46:00.396Z",
    "dateUpdated": "2025-07-01T19:42:22.348Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-48379\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-07-01T19:15:27.353\",\"lastModified\":\"2025-07-03T15:14:12.767\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (\u003e64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.\"},{\"lang\":\"es\",\"value\":\"Pillow es una librer\u00eda de im\u00e1genes de Python. En las versiones 11.2.0 y anteriores a la 11.3.0, se produce un desbordamiento del b\u00fafer de mont\u00f3n al escribir una imagen suficientemente grande (m\u00e1s de 64k codificada con la configuraci\u00f3n predeterminada) en formato DDS, debido a que se escribe en un b\u00fafer sin comprobar el espacio disponible. Esto solo afecta a los usuarios que guardan datos no confiables como una imagen DDS comprimida. Este problema se ha corregido en la versi\u00f3n 11.3.0. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"references\":[{\"url\":\"https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/python-pillow/Pillow/pull/9041\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/python-pillow/Pillow/releases/tag/11.3.0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-48379\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-01T19:42:09.269034Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-01T19:42:11.950Z\"}}], \"cna\": {\"title\": \"Pillow Vulnerable to Write Buffer Overflow on BCn encoding\", \"source\": {\"advisory\": \"GHSA-xg8h-j46f-w952\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"python-pillow\", \"product\": \"Pillow\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 11.2.0, \u003c 11.3.0\"}]}], \"references\": [{\"url\": \"https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952\", \"name\": \"https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/python-pillow/Pillow/pull/9041\", \"name\": \"https://github.com/python-pillow/Pillow/pull/9041\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4\", \"name\": \"https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/python-pillow/Pillow/releases/tag/11.3.0\", \"name\": \"https://github.com/python-pillow/Pillow/releases/tag/11.3.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (\u003e64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-07-01T18:33:30.687Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-48379\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-01T19:42:22.348Z\", \"dateReserved\": \"2025-05-19T15:46:00.396Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-07-01T18:33:30.687Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ghsa-xg8h-j46f-w952

Vulnerability from github

Published

2025-07-01 17:29

Modified

2025-07-02 14:20

Severity ?

7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Summary

Pillow vulnerability can cause write buffer overflow on BCn encoding

Details

There is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space.

This only affects users who save untrusted data as a compressed DDS image.

Unclear how large the potential write could be. It is likely limited by process segfault, so it's not necessarily deterministic. It may be practically unbounded.
Unclear if there's a restriction on the bytes that could be emitted. It's likely that the only restriction is that the bytes would be emitted in chunks of 8 or 16.

This was introduced in Pillow 11.2.0 when the feature was added.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pillow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.2.0"
            },
            {
              "fixed": "11.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-48379"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-01T17:29:37Z",
    "nvd_published_at": "2025-07-01T19:15:27Z",
    "severity": "HIGH"
  },
  "details": "There is a heap buffer overflow when writing a sufficiently large (\u003e64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. \n\nThis only affects users who save untrusted data as a compressed DDS image. \n\n* Unclear how large the potential write could be. It is likely limited by process segfault, so it\u0027s not necessarily deterministic. It may be practically unbounded. \n* Unclear if there\u0027s a restriction on the bytes that could be emitted. It\u0027s likely that the only restriction is that the bytes would be emitted in chunks of 8 or 16. \n\nThis was introduced in Pillow 11.2.0 when the feature was added.",
  "id": "GHSA-xg8h-j46f-w952",
  "modified": "2025-07-02T14:20:24Z",
  "published": "2025-07-01T17:29:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48379"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python-pillow/Pillow/pull/9041"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2025-61.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/python-pillow/Pillow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Pillow vulnerability can cause write buffer overflow on BCn encoding"
}

pysec-2025-61

Vulnerability from pysec

Published

2025-07-01 19:15

Modified

2025-07-07 14:12

Details

Impacted products

Name	purl
pillow	pkg:pypi/pillow

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pillow",
        "purl": "pkg:pypi/pillow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "89f1f4626a2aaf5f3d5ca6437f41def2998fbe09"
            },
            {
              "fixed": "ef98b3510e3e4f14b547762764813d7e5ca3c5a4"
            }
          ],
          "repo": "https://github.com/python-pillow/pillow",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "11.2.0"
            },
            {
              "fixed": "11.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "11.2.0",
        "11.2.1"
      ]
    }
  ],
  "aliases": [
    "CVE-2025-48379",
    "GHSA-xg8h-j46f-w952"
  ],
  "details": "Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (\u003e64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.",
  "id": "PYSEC-2025-61",
  "modified": "2025-07-07T14:12:46.226030Z",
  "published": "2025-07-01T19:15:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952"
    },
    {
      "type": "FIX",
      "url": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python-pillow/Pillow/pull/9041"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0"
    }
  ]
}

opensuse-su-2025:15316-1

Vulnerability from csaf_opensuse

Published

2025-07-06 00:00

Modified

2025-07-06 00:00

Summary

python311-Pillow-11.3.0-1.1 on GA media

Notes

Title of the patch

python311-Pillow-11.3.0-1.1 on GA media

Description of the patch

These are all security issues fixed in the python311-Pillow-11.3.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15316

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "python311-Pillow-11.3.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the python311-Pillow-11.3.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15316",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15316-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-48379 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-48379/"
      }
    ],
    "title": "python311-Pillow-11.3.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-07-06T00:00:00Z",
      "generator": {
        "date": "2025-07-06T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15316-1",
      "initial_release_date": "2025-07-06T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-07-06T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-Pillow-11.3.0-1.1.aarch64",
                "product": {
                  "name": "python311-Pillow-11.3.0-1.1.aarch64",
                  "product_id": "python311-Pillow-11.3.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python311-Pillow-tk-11.3.0-1.1.aarch64",
                "product": {
                  "name": "python311-Pillow-tk-11.3.0-1.1.aarch64",
                  "product_id": "python311-Pillow-tk-11.3.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python312-Pillow-11.3.0-1.1.aarch64",
                "product": {
                  "name": "python312-Pillow-11.3.0-1.1.aarch64",
                  "product_id": "python312-Pillow-11.3.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python312-Pillow-tk-11.3.0-1.1.aarch64",
                "product": {
                  "name": "python312-Pillow-tk-11.3.0-1.1.aarch64",
                  "product_id": "python312-Pillow-tk-11.3.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-Pillow-11.3.0-1.1.aarch64",
                "product": {
                  "name": "python313-Pillow-11.3.0-1.1.aarch64",
                  "product_id": "python313-Pillow-11.3.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-Pillow-tk-11.3.0-1.1.aarch64",
                "product": {
                  "name": "python313-Pillow-tk-11.3.0-1.1.aarch64",
                  "product_id": "python313-Pillow-tk-11.3.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-Pillow-11.3.0-1.1.ppc64le",
                "product": {
                  "name": "python311-Pillow-11.3.0-1.1.ppc64le",
                  "product_id": "python311-Pillow-11.3.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python311-Pillow-tk-11.3.0-1.1.ppc64le",
                "product": {
                  "name": "python311-Pillow-tk-11.3.0-1.1.ppc64le",
                  "product_id": "python311-Pillow-tk-11.3.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python312-Pillow-11.3.0-1.1.ppc64le",
                "product": {
                  "name": "python312-Pillow-11.3.0-1.1.ppc64le",
                  "product_id": "python312-Pillow-11.3.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python312-Pillow-tk-11.3.0-1.1.ppc64le",
                "product": {
                  "name": "python312-Pillow-tk-11.3.0-1.1.ppc64le",
                  "product_id": "python312-Pillow-tk-11.3.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-Pillow-11.3.0-1.1.ppc64le",
                "product": {
                  "name": "python313-Pillow-11.3.0-1.1.ppc64le",
                  "product_id": "python313-Pillow-11.3.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-Pillow-tk-11.3.0-1.1.ppc64le",
                "product": {
                  "name": "python313-Pillow-tk-11.3.0-1.1.ppc64le",
                  "product_id": "python313-Pillow-tk-11.3.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-Pillow-11.3.0-1.1.s390x",
                "product": {
                  "name": "python311-Pillow-11.3.0-1.1.s390x",
                  "product_id": "python311-Pillow-11.3.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python311-Pillow-tk-11.3.0-1.1.s390x",
                "product": {
                  "name": "python311-Pillow-tk-11.3.0-1.1.s390x",
                  "product_id": "python311-Pillow-tk-11.3.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python312-Pillow-11.3.0-1.1.s390x",
                "product": {
                  "name": "python312-Pillow-11.3.0-1.1.s390x",
                  "product_id": "python312-Pillow-11.3.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python312-Pillow-tk-11.3.0-1.1.s390x",
                "product": {
                  "name": "python312-Pillow-tk-11.3.0-1.1.s390x",
                  "product_id": "python312-Pillow-tk-11.3.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-Pillow-11.3.0-1.1.s390x",
                "product": {
                  "name": "python313-Pillow-11.3.0-1.1.s390x",
                  "product_id": "python313-Pillow-11.3.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-Pillow-tk-11.3.0-1.1.s390x",
                "product": {
                  "name": "python313-Pillow-tk-11.3.0-1.1.s390x",
                  "product_id": "python313-Pillow-tk-11.3.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-Pillow-11.3.0-1.1.x86_64",
                "product": {
                  "name": "python311-Pillow-11.3.0-1.1.x86_64",
                  "product_id": "python311-Pillow-11.3.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python311-Pillow-tk-11.3.0-1.1.x86_64",
                "product": {
                  "name": "python311-Pillow-tk-11.3.0-1.1.x86_64",
                  "product_id": "python311-Pillow-tk-11.3.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python312-Pillow-11.3.0-1.1.x86_64",
                "product": {
                  "name": "python312-Pillow-11.3.0-1.1.x86_64",
                  "product_id": "python312-Pillow-11.3.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python312-Pillow-tk-11.3.0-1.1.x86_64",
                "product": {
                  "name": "python312-Pillow-tk-11.3.0-1.1.x86_64",
                  "product_id": "python312-Pillow-tk-11.3.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-Pillow-11.3.0-1.1.x86_64",
                "product": {
                  "name": "python313-Pillow-11.3.0-1.1.x86_64",
                  "product_id": "python313-Pillow-11.3.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-Pillow-tk-11.3.0-1.1.x86_64",
                "product": {
                  "name": "python313-Pillow-tk-11.3.0-1.1.x86_64",
                  "product_id": "python313-Pillow-tk-11.3.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-Pillow-11.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.aarch64"
        },
        "product_reference": "python311-Pillow-11.3.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-Pillow-11.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.ppc64le"
        },
        "product_reference": "python311-Pillow-11.3.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-Pillow-11.3.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.s390x"
        },
        "product_reference": "python311-Pillow-11.3.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-Pillow-11.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.x86_64"
        },
        "product_reference": "python311-Pillow-11.3.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-Pillow-tk-11.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.aarch64"
        },
        "product_reference": "python311-Pillow-tk-11.3.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-Pillow-tk-11.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.ppc64le"
        },
        "product_reference": "python311-Pillow-tk-11.3.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-Pillow-tk-11.3.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.s390x"
        },
        "product_reference": "python311-Pillow-tk-11.3.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-Pillow-tk-11.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.x86_64"
        },
        "product_reference": "python311-Pillow-tk-11.3.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-Pillow-11.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.aarch64"
        },
        "product_reference": "python312-Pillow-11.3.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-Pillow-11.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.ppc64le"
        },
        "product_reference": "python312-Pillow-11.3.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-Pillow-11.3.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.s390x"
        },
        "product_reference": "python312-Pillow-11.3.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-Pillow-11.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.x86_64"
        },
        "product_reference": "python312-Pillow-11.3.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-Pillow-tk-11.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.aarch64"
        },
        "product_reference": "python312-Pillow-tk-11.3.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-Pillow-tk-11.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.ppc64le"
        },
        "product_reference": "python312-Pillow-tk-11.3.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-Pillow-tk-11.3.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.s390x"
        },
        "product_reference": "python312-Pillow-tk-11.3.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python312-Pillow-tk-11.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.x86_64"
        },
        "product_reference": "python312-Pillow-tk-11.3.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-Pillow-11.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.aarch64"
        },
        "product_reference": "python313-Pillow-11.3.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-Pillow-11.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.ppc64le"
        },
        "product_reference": "python313-Pillow-11.3.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-Pillow-11.3.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.s390x"
        },
        "product_reference": "python313-Pillow-11.3.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-Pillow-11.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.x86_64"
        },
        "product_reference": "python313-Pillow-11.3.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-Pillow-tk-11.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.aarch64"
        },
        "product_reference": "python313-Pillow-tk-11.3.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-Pillow-tk-11.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.ppc64le"
        },
        "product_reference": "python313-Pillow-tk-11.3.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-Pillow-tk-11.3.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.s390x"
        },
        "product_reference": "python313-Pillow-tk-11.3.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-Pillow-tk-11.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.x86_64"
        },
        "product_reference": "python313-Pillow-tk-11.3.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-48379",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-48379"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (\u003e64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.aarch64",
          "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.s390x",
          "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.x86_64",
          "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.aarch64",
          "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.s390x",
          "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.x86_64",
          "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.aarch64",
          "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.s390x",
          "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.x86_64",
          "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.aarch64",
          "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.s390x",
          "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.x86_64",
          "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.aarch64",
          "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.s390x",
          "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.x86_64",
          "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.aarch64",
          "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.s390x",
          "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-48379",
          "url": "https://www.suse.com/security/cve/CVE-2025-48379"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1245578 for CVE-2025-48379",
          "url": "https://bugzilla.suse.com/1245578"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.x86_64",
            "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.x86_64",
            "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.aarch64",
            "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.s390x",
            "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.x86_64",
            "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.aarch64",
            "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.s390x",
            "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-Pillow-11.3.0-1.1.x86_64",
            "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-Pillow-tk-11.3.0-1.1.x86_64",
            "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.aarch64",
            "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.s390x",
            "openSUSE Tumbleweed:python312-Pillow-11.3.0-1.1.x86_64",
            "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.aarch64",
            "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.s390x",
            "openSUSE Tumbleweed:python312-Pillow-tk-11.3.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-Pillow-11.3.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-Pillow-tk-11.3.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-06T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-48379"
    }
  ]
}

fkie_cve-2025-48379

Vulnerability from fkie_nvd

Published

2025-07-01 19:15

Modified

2025-07-03 15:14

Severity ?

7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Summary

References

▶	URL	Tags
	security-advisories@github.com	https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4
	security-advisories@github.com	https://github.com/python-pillow/Pillow/pull/9041
	security-advisories@github.com	https://github.com/python-pillow/Pillow/releases/tag/11.3.0
	security-advisories@github.com	https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (\u003e64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0."
    },
    {
      "lang": "es",
      "value": "Pillow es una librer\u00eda de im\u00e1genes de Python. En las versiones 11.2.0 y anteriores a la 11.3.0, se produce un desbordamiento del b\u00fafer de mont\u00f3n al escribir una imagen suficientemente grande (m\u00e1s de 64k codificada con la configuraci\u00f3n predeterminada) en formato DDS, debido a que se escribe en un b\u00fafer sin comprobar el espacio disponible. Esto solo afecta a los usuarios que guardan datos no confiables como una imagen DDS comprimida. Este problema se ha corregido en la versi\u00f3n 11.3.0. "
    }
  ],
  "id": "CVE-2025-48379",
  "lastModified": "2025-07-03T15:14:12.767",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-01T19:15:27.353",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/python-pillow/Pillow/pull/9041"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-48379 (GCVE-0-2025-48379)

Vulnerability from cvelistv5

ghsa-xg8h-j46f-w952

Vulnerability from github

pysec-2025-61

Vulnerability from pysec

opensuse-su-2025:15316-1

Vulnerability from csaf_opensuse

fkie_cve-2025-48379

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature