Aomedia Libavif vulnerabilities
4 known vulnerabilities affecting aomedia/libavif.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2025-48174 | CRITICAL | CVSS 9.1 | fixed in 1.3.0 | 2025-05-16 | CWE-190
In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
nvd, osv
CVE-2025-48175 | MEDIUM | CVSS 6.5 | fixed in 1.3.0 | 2025-05-16 | CWE-190
In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.
nvd, osv
CVE-2023-6704 | HIGH | CVSS 8.8 | ≥ 0, < 1.1.0-1 | 2023-12-14
Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High)
osv
CVE-2020-36407 | HIGH | CVSS 8.8 | v0.8.0, v0.8.1 | 2021-07-01 | CWE-787
libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid.
nvd, osv