CVE-2025-48379 log

Source
Severity High
Remote No
Type Arbitrary code execution
Description
There is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space.

This only affects users who save untrusted data as a compressed DDS image.

Unclear how large the potential write could be. It is likely limited by process segfault, so it's not necessarily deterministic. It may be practically unbounded.
Unclear if there's a restriction on the bytes that could be emitted. It's likely that the only restriction is that the bytes would be emitted in chunks of 8 or 16.
This was introduced in Pillow 11.2.0 when the feature was added.
Group Package Affected Fixed Severity Status Ticket
AVG-2906 python-pillow 11.2.0-1 High Vulnerable
References
https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952
Notes
note this affects DDS image handling. May be worth marking as remote since pillow can be used to process images from the network (e.g., as is the case of kodi)