CVE-2025-48174
- Source
- https://cve.org/CVERecord?id=CVE-2025-48174
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48174.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-48174
- Downstream
- Related
- Published
- 2025-05-16T05:15:37.213Z
- Modified
- 2026-03-23T05:00:35.292730026Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
- References
-
- https://lists.debian.org/debian-lts-announce/2025/05/msg00031.html
- https://github.com/AOMediaCodec/libavif/commit/50a743062938a3828581d725facc9c2b92a1d109
- https://github.com/AOMediaCodec/libavif/commit/c9f1bea437f21cb78f9919c332922a3b0ba65e11
- https://github.com/AOMediaCodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c0535599029
- https://github.com/AOMediaCodec/libavif/pull/2768
Affected packages
Git / github.com/aomediacodec/libavif
Affected versions
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.10.0
v0.10.1
v0.11.0
v0.11.0-rc1
v0.11.1
v0.11.1-rc1
v0.2.0
v0.3.0
v0.3.1
v0.3.10
v0.3.11
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v1.*
v1.0.0
v1.1.0
v1.1.1
v1.2.0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48174.json"
vanir_signatures
[
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "src/stream.c"
},
"source": "https://github.com/aomediacodec/libavif/commit/50a743062938a3828581d725facc9c2b92a1d109",
"deprecated": false,
"id": "CVE-2025-48174-31c5552e",
"digest": {
"threshold": 0.9,
"line_hashes": [
"60018159898250135578006914648390099566",
"254882790782810017276847077533830148759",
"130630794033541735783879164552217281264",
"203240105109406447935321436661170943938",
"95657220151607771881684984451807902843",
"80768894366394929730227955758670528978",
"178151776124528018174194195542829765550"
]
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "122131982172295128695689603529704441154",
"length": 305.0
},
"source": "https://github.com/aomediacodec/libavif/commit/50a743062938a3828581d725facc9c2b92a1d109",
"id": "CVE-2025-48174-73d72f40",
"target": {
"file": "src/stream.c",
"function": "makeRoom"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "src/stream.c",
"function": "makeRoom"
},
"digest": {
"function_hash": "3283839707784579655907692435808851062",
"length": 234.0
},
"source": "https://github.com/aomediacodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c0535599029",
"id": "CVE-2025-48174-75987f9f",
"deprecated": false
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"60018159898250135578006914648390099566",
"191571056920798847750635278987028407229",
"324644747019893269659918239621612300477",
"19360956784866053147754524326384477675"
]
},
"source": "https://github.com/aomediacodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c0535599029",
"id": "CVE-2025-48174-ecbb1cef",
"target": {
"file": "src/stream.c"
}
}
]