CVE-2025-48379

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4", "name": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4", "tags": [], "refsource": ""}, {"url": "https://github.com/python-pillow/Pillow/pull/9041", "name": "https://github.com/python-pillow/Pillow/pull/9041", "tags": [], "refsource": ""}, {"url": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0", "name": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0", "tags": [], "refsource": ""}, {"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952", "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-122"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-48379", "ASSIGNER": "security-advisories@github.com"}}, "impact": {}, "publishedDate": "2025-07-01T19:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-07-01T19:15Z"}