CVE-2025-48379 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Arbitrary code execution
Description	There is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. Unclear how large the potential write could be. It is likely limited by process segfault, so it's not necessarily deterministic. It may be practically unbounded. Unclear if there's a restriction on the bytes that could be emitted. It's likely that the only restriction is that the bytes would be emitted in chunks of 8 or 16. This was introduced in Pillow 11.2.0 when the feature was added.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2906	python-pillow	11.2.0-1		High	Vulnerable

References
https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952

Notes
note this affects DDS image handling. May be worth marking as remote since pillow can be used to process images from the network (e.g., as is the case of kodi)