CVE-2020-36407

Name of the Vulnerable Software and Affected Versions libavif versions 0.8.0 through 0.8.1

Description The issue is related to an out-of-bounds write in the avifDecoderDataFillImageGrid function of the libavif library, which is used for encoding and decoding .avif files. This can allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations For libavif versions 0.8.0 and 0.8.1, consider disabling the avifDecoderDataFillImageGrid function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.