CVE-2025-48175

Sažetak

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.

Reference

https://github.com/AOMediaCodec/libavif/commit/64d956ed5a602f78cebf29da023280944ee92efd
https://github.com/AOMediaCodec/libavif/pull/2769
https://github.com/AOMediaCodec/libavif/security/advisories/GHSA-762c-2538-h844

CVSS

Base:	4.5
Impact:	2.7
Exploitability:	1.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	LOW

CVSS vektor

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

Zadnje važnije ažuriranje

16-05-2025 - 14:42

Objavljeno

16-05-2025 - 05:15