vulnerability
Arch Linux: Arbitrary code execution (CVE-2025-48379)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:L/Au:S/C:N/I:C/A:C) | Jul 1, 2025 | Jul 11, 2025 | Nov 27, 2025 |
Severity
6
CVSS
(AV:L/AC:L/Au:S/C:N/I:C/A:C)
Published
Jul 1, 2025
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
There is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space.
This only affects users who save untrusted data as a compressed DDS image.
Unclear how large the potential write could be. It is likely limited by process segfault, so it's not necessarily deterministic. It may be practically unbounded.
Unclear if there's a restriction on the bytes that could be emitted. It's likely that the only restriction is that the bytes would be emitted in chunks of 8 or 16.
This was introduced in Pillow 11.2.0 when the feature was added.
This only affects users who save untrusted data as a compressed DDS image.
Unclear how large the potential write could be. It is likely limited by process segfault, so it's not necessarily deterministic. It may be practically unbounded.
Unclear if there's a restriction on the bytes that could be emitted. It's likely that the only restriction is that the bytes would be emitted in chunks of 8 or 16.
This was introduced in Pillow 11.2.0 when the feature was added.
Solution
arch-linux-upgrade-latest
References
- CVE-2025-48379
- https://attackerkb.com/topics/CVE-2025-48379
- URL-https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4
- URL-https://github.com/python-pillow/Pillow/pull/9041
- URL-https://github.com/python-pillow/Pillow/releases/tag/11.3.0
- URL-https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952
- CWE-122
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.