CVE-2025-48174

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-48174

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48174.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-48174

Downstream

DEBIAN-CVE-2025-48174

DLA-4179-1

DSA-5930-1

ECHO-e3e3-da97-93f7

JLSEC-2026-125

MGASA-2025-0257

SUSE-SU-2025:02816-1

SUSE-SU-2025:02817-1

SUSE-SU-2025:03237-1

UBUNTU-CVE-2025-48174

openSUSE-SU-2025:15320-1

Related

Published

2025-05-16T05:15:37.213Z

Modified

2026-04-16T04:39:21.502315920Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.

References

Affected packages

Git / github.com/aomediacodec/libavif

Affected ranges

Type

GIT

Repo

https://github.com/aomediacodec/libavif

Events

Introduced

Fixed

1aadfad932c98c069a1204261b1856f81f3bc199

Fixed

50a743062938a3828581d725facc9c2b92a1d109

Fixed

c9f1bea437f21cb78f9919c332922a3b0ba65e11

Fixed

e5fdefe7d1776e6c4cf1703c163a8c0535599029

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.3.0"
        }
    ]
}

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.1.4

v0.10.0

v0.10.1

v0.11.0

v0.11.0-rc1

v0.11.1

v0.11.1-rc1

v0.2.0

v0.3.0

v0.3.1

v0.3.10

v0.3.11

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.3.9

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.4.8

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.5.7

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.2.0

Database specific

vanir_signatures

[
    {
        "id": "CVE-2025-48174-75987f9f",
        "target": {
            "file": "src/stream.c",
            "function": "makeRoom"
        },
        "signature_version": "v1",
        "source": "https://github.com/aomediacodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c0535599029",
        "deprecated": false,
        "digest": {
            "length": 234.0,
            "function_hash": "3283839707784579655907692435808851062"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2025-48174-ecbb1cef",
        "target": {
            "file": "src/stream.c"
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/aomediacodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c0535599029",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "60018159898250135578006914648390099566",
                "191571056920798847750635278987028407229",
                "324644747019893269659918239621612300477",
                "19360956784866053147754524326384477675"
            ]
        }
    }
]

vanir_signatures_modified

"2026-04-12T15:59:37Z"

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48174.json"