CVE-2025-48174

Name
CVE-2025-48174
Description
In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://github.com/AOMediaCodec/libavif/commit/50a743062938a3828581d725facc9c2b92a1d109
cve@mitre.org https://github.com/AOMediaCodec/libavif/commit/c9f1bea437f21cb78f9919c332922a3b0ba65e11
cve@mitre.org https://github.com/AOMediaCodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c0535599029
cve@mitre.org https://github.com/AOMediaCodec/libavif/pull/2768
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2025/05/msg00031.html

Match rules

CPE URI Source package Min version Max version
libavif >= 0 < 1.3.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libavif edge-main 1.2.1-r1 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
libavif edge-main 1.2.1-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
libavif edge-main 1.2.0-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
libavif edge-main 1.1.1-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
libavif edge-main 1.0.4-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
libavif 3.21-main 1.0.4-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
libavif 3.20-main 1.0.4-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
libavif 3.19-main 1.0.3-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable