PYSEC-2021-892

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/avif/PYSEC-2021-892.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2021-892
Aliases
Published
2021-07-01T03:15:08.033Z
Modified
2026-07-13T07:15:15.718824355Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid.

References

Affected packages

PyPI / avif

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.8.0
Last affected
0.8.1

Affected versions

0.*
0.1.0
0.1.1
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.3.0
0.4.0
0.5.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/avif/PYSEC-2021-892.yaml"