BIT-pillow-2025-48379
heap buffer overflow vulnerability in pillow (PyPI)
What is BIT-pillow-2025-48379 About?
This vulnerability is a heap buffer overflow in Pillow 11.2.0 up to, but not including, 11.3.0, triggered when a sufficiently large image is saved as a compressed DDS image. The DDS block-compression encoder writes into its output buffer without checking the space available, so data is written beyond the allocated memory, which can crash the process (denial of service) and may allow arbitrary code execution. Exploitation requires that the application save untrusted data as a compressed DDS image.
Affected Software
- pillow
- <89f1f4626a2aaf5f3d5ca6437f41def2998fbe09
- >11.2.0, <11.3.0
Technical Details
The vulnerability lies in the DDS (DirectDraw Surface) writer of the affected Pillow versions, specifically in the encoder used for block-compressed output (the path taken when a compressed pixel format such as DXT1 or DXT5 is requested on save; the uncompressed default path is not affected). Pillow drives its encoders in chunks through a fixed output buffer, 64 KB by default, and an encoder is expected to stop and report back when that buffer is full. The compressed DDS encoder did not check the remaining space and kept writing, so any image whose encoded payload exceeds the buffer (more than 64 KB with default settings) overruns the heap allocation. Unlike a decoder bug, no malformed file is needed: the attacker only has to supply an image with large enough pixel dimensions that the application then saves as compressed DDS. The overflow corrupts adjacent heap memory, which typically crashes the process (denial of service) and, given control over the pixel data being encoded and a favourable heap layout, could allow arbitrary code execution by overwriting program data or control-flow structures.
What is the Impact of BIT-pillow-2025-48379?
Successful exploitation corrupts heap memory in the process that calls Pillow. The most likely outcome is a crash (denial of service); depending on the heap layout and the attacker's control over the pixel data being encoded, it may also allow arbitrary code execution with the privileges of that process. The bug does not by itself grant privileges beyond those the application already has.
What is the Exploitability of BIT-pillow-2025-48379?
Triggering the overflow is easy: any image whose compressed DDS payload exceeds the encoder buffer will do, so a crash is straightforward to cause. Turning it into reliable code execution is considerably harder and usually requires precise control over the heap layout as well as over the pixel data being encoded. The precondition is that the application saves attacker-controlled image data as a compressed DDS image using a vulnerable Pillow. Authentication requirements depend on the application: a web service that lets unauthenticated users upload images which are then converted to compressed DDS would be remotely exploitable without credentials. The attacker needs no privileges on the underlying system; the overflow runs with whatever privileges the process using Pillow has. Applications that never write compressed DDS output, or that only convert trusted images, are not exposed.
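The following Python is an added example, not code from Pillow, from the advisory or from this page's vendor. It shows the size arithmetic behind the ">64 KB encoded" trigger described in the Technical Details and Exploitability sections, and wraps it in a guard that refuses a compressed DDS save on a vulnerable Pillow. Assumptions (marked in the comments): that DXT1, DXT5 and BC5 are the `pixel_format` names Pillow's DDS writer accepts for compressed output, that `pixel_format=` is the keyword passed to `Image.save`, and that 64 KB is the default encoder buffer. The guard is a stop-gap for systems that cannot upgrade immediately; the fix is Pillow 11.3.0 or later.

```python
"""Stop-gap guard for CVE-2025-48379 / BIT-pillow-2025-48379.

Refuses compressed DDS saves whose encoded payload would reach the 64 KB
encoder buffer on a vulnerable Pillow. Added example, not Pillow code.
"""
import re

# Bytes per 4x4 texel block for block-compressed DDS formats (format facts:
# BC1/DXT1 is 8 bytes, BC3/DXT5 and BC5 are 16 bytes). Assumption: these are
# the pixel_format names Pillow's DDS writer accepts for compressed output.
BLOCK_BYTES = {"DXT1": 8, "DXT5": 16, "BC5": 16}

# Assumption: the output buffer Pillow hands to an encoder per call is 64 KB
# by default; the vulnerable bcn encoder wrote the whole image into it
# without checking the remaining space.
ENCODER_BUFFER = 64 * 1024

VULN_MIN = (11, 2, 0)  # first version with compressed DDS saving
FIXED = (11, 3, 0)     # first fixed release


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '11.2.1' (or '11.3.0.dev0', '11.2') into a comparable 3-tuple."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable_pillow(version: str) -> bool:
    """True for the advisory's affected range: >= 11.2.0 and < 11.3.0."""
    return VULN_MIN <= parse_version(version) < FIXED


def encoded_dds_size(width: int, height: int, pixel_format: str) -> int:
    """Bytes of block-compressed payload for a width x height image.

    Block formats pad each dimension up to a multiple of 4, so a 10x10 image
    is encoded as 3x3 blocks.
    """
    blocks = ((width + 3) // 4) * ((height + 3) // 4)
    return blocks * BLOCK_BYTES[pixel_format.upper()]


def compressed_dds_save_is_safe(width: int, height: int,
                                pixel_format: str, pillow_version: str) -> bool:
    """False when the payload would reach the encoder buffer on a vulnerable Pillow.

    Exactly 64 KB is treated as unsafe to stay on the conservative side of
    the advisory's '>64k' wording.
    """
    if not is_vulnerable_pillow(pillow_version):
        return True
    return encoded_dds_size(width, height, pixel_format) < ENCODER_BUFFER


def save_dds(im, fp, pixel_format: str) -> None:
    """Save a PIL.Image as compressed DDS, refusing saves that would overflow."""
    import PIL  # local import so the pure checks above run without Pillow

    if not compressed_dds_save_is_safe(im.width, im.height, pixel_format,
                                       PIL.__version__):
        raise ValueError(
            f"refusing {im.width}x{im.height} {pixel_format} DDS save on "
            f"Pillow {PIL.__version__}: CVE-2025-48379 (upgrade to >= 11.3.0)"
        )
    # Assumption: pixel_format= is the save keyword that selects compression.
    im.save(fp, format="DDS", pixel_format=pixel_format)


if __name__ == "__main__":
    # Constructed demo: a 1024x1024 image encodes to 512 KB as DXT1,
    # eight times the encoder buffer.
    from io import BytesIO

    import PIL
    from PIL import Image

    big = Image.new("RGBA", (1024, 1024), (10, 20, 30, 255))
    try:
        save_dds(big, BytesIO(), "DXT1")
        print(f"Pillow {PIL.__version__}: saved, version is not in the affected range")
    except ValueError as exc:
        print(exc)
```

The size check is deliberately independent of Pillow so it can also be run from a CI job or an audit script against the image dimensions a service accepts; the `save_dds` wrapper is where it would sit in application code until the dependency is upgraded.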
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for BIT-pillow-2025-48379?
Available Upgrade Options
- pillow
- >=11.2.0, <11.3.0 → Upgrade to 11.3.0 or later
- pillow (git checkout)
- <89f1f4626a2aaf5f3d5ca6437f41def2998fbe09 → Update to commit 89f1f4626a2aaf5f3d5ca6437f41def2998fbe09 or later
Additional Resources
- https://nvd.nist.gov/vuln/detail/CVE-2025-48379
- https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952
- https://github.com/python-pillow/Pillow/pull/9041
- https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4
- https://github.com/python-pillow/Pillow/releases/tag/11.3.0
- https://osv.dev/vulnerability/PYSEC-2025-61
- https://osv.dev/vulnerability/GHSA-xg8h-j46f-w952
What are Similar Vulnerabilities to BIT-pillow-2025-48379?
Similar Vulnerabilities: CVE-2014-9900, CVE-2015-3195, CVE-2016-10167, CVE-2017-1000388, CVE-2020-13790
