CNNVD-202507-084 Information
Jul 01, 2025
cve
CNNVD ID
CNNVD-202507-084
Related CVE
- CNNVD Published: 2025-07-01
Description (Chinese)
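Pillow is an open-source, Python-based image processing library from Pillow. Pillow versions from 11.2.0 up to, but not including, 11.3.0 contain a security vulnerability that stems from a heap buffer overflow when writing DDS-format images and may lead to arbitrary code execution.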
Description (English)
Pillow is a Python-based image processing library. Pillow versions from 11.2.0 up to, but not including, 11.3.0 contain a security vulnerability caused by a heap buffer overflow when writing DDS-format images, which could lead to arbitrary code execution.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Pillow
Published
2025-07-01
Last Modified
2026-02-24
References
https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4
https://github.com/python-pillow/Pillow/pull/9041
https://github.com/python-pillow/Pillow/releases/tag/11.3.0
https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952
Patch
https://github.com/python-pillow/Pillow/releases