Debian Libavif vulnerabilities

6 known vulnerabilities affecting debian/libavif.

Total CVEs

6

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH4MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2025-48174MEDIUMCVSS 4.5fixed in libavif 0.11.1-1+deb12u1 (bookworm)2025

CVE-2025-48174 [MEDIUM] CVE-2025-48174: libavif - In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and result... In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. Scope: local bookworm: resolved (fixed in 0.11.1-1+deb12u1) bullseye: resolved (fixed in 0.8.4-2+deb11u2) forky: resolved (fixed in 1.2.1-1.1) sid: resolved (fixed in 1.2.1-1.1) trixie: resolved (fixed in 1.2.1-1.1)

CVE-2025-48175MEDIUMCVSS 4.5fixed in libavif 0.11.1-1+deb12u1 (bookworm)2025

CVE-2025-48175 [MEDIUM] CVE-2025-48175: libavif - In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows i... In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. Scope: local bookworm: resolved (fixed in 0.11.1-1+deb12u1) bullseye: resolved (fixed in 0.8.4-2+deb11u2) forky: resolved (fixed in 1.2.1-1.1) sid: resolved (fixed in 1.2.1-1.1) trixie: resolved (fixed in 1.2

CVE-2023-6350HIGHCVSS 8.8fixed in chromium 119.0.6045.199-1~deb12u1 (bookworm)2023

CVE-2023-6350 [HIGH] CVE-2023-6350: chromium - Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a rem... Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 119.0.6045.199-1~deb12u1) bullseye: resolved (fixed in 119.0.6045.199-1~deb11u1) forky: resolved (fixed in 119.0.6045.199-1) sid: resol

CVE-2023-6704HIGHCVSS 8.8fixed in chromium 120.0.6099.109-1~deb12u1 (bookworm)2023

CVE-2023-6704 [HIGH] CVE-2023-6704: chromium - Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a rem... Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 120.0.6099.109-1~deb12u1) bullseye: resolved (fixed in 120.0.6099.109-1~deb11u1) forky: resolved (fixed in 120.0.6099.109-1) sid: reso

CVE-2023-6351HIGHCVSS 8.8fixed in chromium 119.0.6045.199-1~deb12u1 (bookworm)2023

CVE-2023-6351 [HIGH] CVE-2023-6351: chromium - Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a rem... Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 119.0.6045.199-1~deb12u1) bullseye: resolved (fixed in 119.0.6045.199-1~deb11u1) forky: resolved (fixed in 119.0.6045.199-1) sid: resol

CVE-2020-36407HIGHCVSS 8.8fixed in libavif 0.8.2-1 (bookworm)2020

CVE-2020-36407 [HIGH] CVE-2020-36407: libavif - libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGr... libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid. Scope: local bookworm: resolved (fixed in 0.8.2-1) bullseye: resolved (fixed in 0.8.2-1) forky: resolved (fixed in 0.8.2-1) sid: resolved (fixed in 0.8.2-1) trixie: resolved (fixed in 0.8.2-1)