11.3.0 (unreleased)¶

Security¶

CVE 2025-48379: Write buffer overflow on BCn encoding¶

There is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space.

This only affects users who save untrusted data as a compressed DDS image.

Unclear how large the potential write could be. It is likely limited by process segfault, so it’s not necessarily deterministic. It may be practically unbounded.
Unclear if there’s a restriction on the bytes that could be emitted. It’s likely that the only restriction is that the bytes would be emitted in chunks of 8 or 16.

This was introduced in Pillow 11.2.0 when the feature was added.

Deprecations¶

Image.fromarray mode parameter¶

The mode parameter in fromarray() has been deprecated. The mode can be automatically determined from the object’s shape and type instead.

Saving I mode images as PNG¶

In order to fit the 32 bits of I mode images into PNG, when PNG images can only contain at most 16 bits for a channel, Pillow has been clipping the values. Rather than quietly changing the data, this is now deprecated. Instead, the image can be converted to another mode before saving:

from PIL import Image
im = Image.new("I", (1, 1))
im.convert("I;16").save("out.png")

Other changes¶

Added QOI saving¶

Support has been added for saving QOI images. colorspace can be used to specify the colorspace as sRGB with linear alpha, e.g. im.save("out.qoi", colorspace="sRGB"). By default, all channels will be linear.

Support using more screenshot utilities with ImageGrab on Linux¶

grab() is now able to use GNOME Screenshot, grim or Spectacle on Linux in order to take a snapshot of the screen.

Do not build against libavif < 1¶

Pillow only supports libavif 1.0.0 or later. In order to prevent errors when building from source, if a user happens to have an earlier libavif on their system, Pillow will now ignore it.

AVIF support in wheels¶

Support for reading and writing AVIF images is now included in Pillow’s wheels, except for Windows ARM64. libaom is available as an encoder and dav1d as a decoder.

Python 3.14 beta¶

To help other projects prepare for Python 3.14, wheels are now built for the 3.14 beta as a preview. This is not official support for Python 3.14, but rather an opportunity for you to test how Pillow works with the beta and report any problems.