exploitDog
CVE-2025-48379

Published: 01 Jul 2025
Source: ubuntu
Priority: medium
EPSS: Low
CVSS3: 7.1

Description

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.

| Release | Status | Note |
|---|---|---|
| devel | not-affected | code not present |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| jammy | not-affected | code not present |
| noble | not-affected | code not present |
| oracular | not-affected | code not present |
| plucky | not-affected | code not present |
| upstream | not-affected | debian: Vulnerable code not present |

| Release | Status | Note |
|---|---|---|
| devel | DNE | |
| esm-apps/focal | not-affected | code not present |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage | |

EPSS: 0.00015 (Low), percentile: 2%

CVSS3: 7.1 High

Related vulnerabilities

CVSS3: 7.1
redhat
about 2 months ago

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.

CVSS3: 7.1
nvd
about 2 months ago

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.

CVSS3: 7.1
debian
about 2 months ago

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3. ...

CVSS3: 7.1
github
about 2 months ago

Pillow vulnerability can cause write buffer overflow on BCn encoding
