PYSEC-2025-61

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2025-61.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2025-61

Aliases

Published

2025-07-01T19:15:27Z

Modified

2025-07-07T14:12:46.226030Z

Summary

[none]

Details

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.

References

Affected packages

PyPI / pillow

Package

Name: pillow; View open source insights on deps.dev
Purl: pkg:pypi/pillow

Affected ranges

Type: GIT
Repo: https://github.com/python-pillow/pillow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

89f1f4626a2aaf5f3d5ca6437f41def2998fbe09

Fixed

ef98b3510e3e4f14b547762764813d7e5ca3c5a4

Type: ECOSYSTEM
Events: Introduced

11.2.0

Fixed

11.3.0

Affected versions

11.*

11.2.0

11.2.1