563 matches found

OSSF Malicious Packages (added 2025/07/02 5:32 p.m., 3 views)

Malicious code in dds-js (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d47ebdc1891b1fd02986098c63e73de75cf01ce8c67fc24f74ec39c86a04e866 The OpenSSF Package Analysis project identified 'dds-js' @ 2.4.0 npm ...

AI score 7.1
Exploits: 0
PyPA (added 2025/07/01 7:15 p.m., 10 views)

PYSEC-2025-61

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

CVSS 7.1 · AI score 7.3 · EPSS 0.00261
Exploits: 1 · References: 4 · Affected Software: 1
OSV (added 2025/07/01 7:15 p.m., 5 views)

PYSEC-2025-61

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

CVSS 7.1 · AI score 7.6 · EPSS 0.00261
Exploits: 1 · References: 4
NVD (added 2025/07/01 7:15 p.m., 6 views)

CVE-2025-48379

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

CVSS 7.1 · EPSS 0.00261
Exploits: 1 · References: 4
Cvelist (added 2025/07/01 6:33 p.m., 4 views)

CVE-2025-48379 Pillow Vulnerable to Write Buffer Overflow on BCn encoding

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

CVSS 7.1 · EPSS 0.00261
Exploits: 1 · References: 4
CVE (added 2025/07/01 6:33 p.m., 117 views)

CVE-2025-48379

CVE-2025-48379 (Pillow) Vulnerability: Pillow (Python imaging library) versions 11.2.0 through before 11.3.0 contain a heap buffer overflow when saving large (>64k) images in DDS format, caused by writing into a buffer without checking available space. The issue affects users who save untruste...

CVSS 7.1 · AI score 7.7 · EPSS 0.00261
Exploits: 1 · References: 4 · Affected Software: 1
Vulnrichment (added 2025/07/01 6:33 p.m., 2 views)

CVE-2025-48379 Pillow Vulnerable to Write Buffer Overflow on BCn encoding

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

CVSS 7.1 · AI score 7.7 · EPSS 0.00261
Exploits: 1 · References: 4
OSV (added 2025/07/01 6:33 p.m., 3 views)

CVE-2025-48379 Pillow Vulnerable to Write Buffer Overflow on BCn encoding

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save...

CVSS 7.1 · AI score 7 · EPSS 0.00261
Exploits: 1 · References: 6
Github Security Blog (added 2025/07/01 5:29 p.m., 9 views)

Pillow vulnerability can cause write buffer overflow on BCn encoding

There is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. Unclear how large the potential...

CVSS 7.1 · AI score 7.6 · EPSS 0.00261
Exploits: 1 · References: 7 · Affected Software: 1
OSV (added 2025/07/01 5:29 p.m., 2 views)

GHSA-XG8H-J46F-W952 Pillow vulnerability can cause write buffer overflow on BCn encoding

There is a heap buffer overflow when writing a sufficiently large 64k encoded with default settings image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. Unclear how large the potential...

CVSS 7.1 · AI score 6.5 · EPSS 0.00261
Exploits: 1 · References: 7
Positive Technologies (added 2025/07/01 12:00 a.m., 2 views)

PT-2025-27574 · Pillow · Pillow

Name of the Vulnerable Software and Affected Versions: Pillow versions 11.2.0 through 11.2.x Description: The issue is a heap buffer overflow that occurs when writing a sufficiently large image in the DDS format. This happens because the library writes into a buffer without checking for available...

CVSS 7.1 · AI score 7.5 · EPSS 0.00261
Exploits: 1 · References: 16
RedhatCVE (added 2025/05/23 7:45 a.m., 6 views)

CVE-2024-28231

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminate...

CVSS 9.6 · AI score 7 · EPSS 0.00942
Exploits: 1 · References: 1
RedhatCVE (added 2025/05/23 5:43 a.m., 5 views)

CVE-2023-39946

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PIDPROPERTYLIST parameter that contains a CDR string with length larger than the size of...

CVSS 8.2 · AI score 6.7 · EPSS 0.00776
Exploits: 0 · References: 1
RedhatCVE (added 2025/05/23 4:12 a.m., 5 views)

CVE-2023-39949

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions...

CVSS 7.5 · AI score 6.7 · EPSS 0.00893
Exploits: 0 · References: 1
RedhatCVE (added 2025/05/23 4:12 a.m., 9 views)

CVE-2023-39945

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled BadParamException in fastcdr, which in turn crashes fastdds. Versions 2.11.0,...

CVSS 8.2 · AI score 6.7 · EPSS 0.00808
Exploits: 0 · References: 1
RedhatCVE (added 2025/05/22 9:26 p.m., 7 views)

CVE-2021-38425

eProsima Fast DDS versions prior to 2.4.0 2269 are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure...

CVSS 9.1 · AI score 6.3 · EPSS 0.04912
Exploits: 0
RedhatCVE (added 2025/05/22 8:09 p.m., 5 views)

CVE-2021-38433

RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.4 · EPSS 0.00546
Exploits: 0
RedhatCVE (added 2025/05/22 6:51 p.m., 7 views)

CVE-2021-43547

TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure...

CVSS 8.5 · AI score 6.5 · EPSS 0.0237
Exploits: 0
RedhatCVE (added 2025/05/22 6:45 p.m., 8 views)

CVE-2021-38487

RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure...

CVSS 9.1 · AI score 8.9 · EPSS 0.03174
Exploits: 0 · References: 1
RedhatCVE (added 2025/05/22 6:45 p.m., 7 views)

CVE-2021-38427

RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.4 · EPSS 0.00546
Exploits: 0