CVE-2025-48175

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions: libavif versions prior to 1.3.0

Description: The issue is related to integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes in the avifImageRGBToYUV function in reformat.c.

Recommendations: For versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2025-8867

BDU:2025-11904

CVE-2025-48175

DLA-4179-1

DSA-5930-1

ECHO-FBB1-8D31-9C3D

GHSA-762C-2538-H844

JLSEC-2026-126

MGASA-2025-0257

OPENSUSE-SU-2025:15332-1

SUSE-SU-2025:02816-1

SUSE-SU-2025:02817-1

SUSE-SU-2025:03237-1

SUSE-SU-2025_02816-1

SUSE-SU-2025_02817-1

SUSE-SU-2025_03237-1

Affected Products

Alt Linux

Astra Linux

Debian

Suse

Libavif

CVE-2025-48175

Weakness Enumeration

Related Identifiers

Affected Products

References · 41