[GH-ISSUE #883] vulnerability in cs249r_book project #1613

New Issue

Closed

opened 2026-04-11 07:58:32 -05:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-04-11 07:58:32 -05:00

Owner

Copy Link

Originally created by @ankitdn on GitHub (Jul 2, 2025).
Original GitHub issue: https://github.com/harvard-edge/cs249r_book/issues/883

While working on cs249r_book project, I discovered a critical vulnerability CVE-2025-48379 in the pillow package. The vulnerability is a heap buffer overflow in the DDS encoding logic, introduced in version 11.2.0. It can be triggered when processing large DDS images and may lead to crashes or remote code execution.

CVE Link
CVE Report

Originally created by @ankitdn on GitHub (Jul 2, 2025). Original GitHub issue: https://github.com/harvard-edge/cs249r_book/issues/883 While working on cs249r_book project, I discovered a critical vulnerability [CVE-2025-48379](https://vulert.com/vuln-db/CVE-2025-48379) in the pillow package. The vulnerability is a heap buffer overflow in the DDS encoding logic, introduced in version 11.2.0. It can be triggered when processing large DDS images and may lead to crashes or remote code execution. [CVE Link](https://vulert.com/vuln-db/CVE-2025-48379) [CVE Report](https://vulert.com/vuln-scan/list/c851e940-111c-4563-b854-2c8eecc7c733?sort_order=desc&sort_by=created_at)

GiteaMirror added the area: book label 2026-04-11 07:58:32 -05:00

GiteaMirror closed this issue 2026-04-11 07:58:33 -05:00

GiteaMirror referenced this issue 2026-05-03 01:29:22 -05:00

[PR #1618] [MERGED] fix(tinytorch): milestone 3 xor convergence and reporting (#1613, #1614) #9224

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

dev

vol1/ch12

gh-pages

fix/badge-fixes

chore/precommit-cleanup

vol1/ch11

cleanup/book-validate-paths

fix/staffml-trigger-on-workflow-edits

fix/staffml-reusable-concurrency

feat/container-preflight-urls

fix/book-tikz-codespell-leve

vol1/ch10

vol1/ch9

vol1/ch8

main

cleanup/retire-static-fallback

vol1/ch7

vol1/ch6

instructors-v0.1.0

staffml-v0.1.0

vol2-v0.1.0

vol1-v0.6.0

mlsysim-v0.1.1

mlsysim-v0.1.0

tinytorch-v0.1.10

slides-latest

build-verified-windows-v1

tinytorch-v0.1.9

tinytorch-v0.1.8

mit-submission-v1

tinytorch-v0.1.7

tinytorch-v0.1.6

tinytorch-v0.1.5

tinytorch-slides-v0.1.0

tinytorch-v0.1.3

tinytorch-v0.1.4

tinytorch-v0.1.2

tinytorch-v0.1.1

tinytorch-v0.1.0

book-v0.5.1

tinytorch-audio-v0.1.1

tinytorch-audio-assets-v0.1

book-v0.5.0

book-v0.4.2

book-v0.4.1

book-v0.4.0

book-v0.3.0

book-v0.2.0

book-v0.1.0

Labels

Clear labels

area: book

area: collabs

area: kits

area: socratiq

area: tinytorch

area: tools

area: website

bug

dependencies

format: epub

format: pdf

link-health

link-rot

priority-high

pull-request

Mirrored from GitHub Pull Request

staffml

type: bug

type: citation

type: code

type: errata

type: improvement

type: new

type: question

vault-sli

No Label area: book

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/cs249r_book#1613