CVE-2020-36407Out-of-bounds Write in Libavif

CWE-787Out-of-bounds Write4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.5%
top 35.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Aomedia LibavifDebian Libavif
Timeline
PublishedJul 1
Latest updateMay 24

Description

libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/libavif< libavif 0.8.2-1 (bookworm)
Debianaomedia/libavif< 0.8.2-1+3
NVDaomedia/libavif0.8.0, 0.8.1+1

Patches

Patch: bugs.chromium.orgPatch: github.comPatch: bugs.chromium.org

🔴Vulnerability Details

2
GHSA
GHSA-5fvj-fm55-q8qx: libavif 02022-05-24
OSV
CVE-2020-36407: libavif 02021-07-01

📋Vendor Advisories

1
Debian
CVE-2020-36407: libavif - libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGr...2020