CVE-2025-48174
Publication date 16 May 2025
Last updated 11 July 2025
Ubuntu priority
Description
In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libavif | 26.04 LTS resolute |
Needs evaluation
|
| 25.10 questing |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal | Not in release |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
4.5 · Medium
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2025-48174
- https://github.com/AOMediaCodec/libavif/commit/50a743062938a3828581d725facc9c2b92a1d109
- https://github.com/AOMediaCodec/libavif/commit/c9f1bea437f21cb78f9919c332922a3b0ba65e11
- https://github.com/AOMediaCodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c0535599029
- https://github.com/AOMediaCodec/libavif/pull/2768