libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid.
"https://github.com/pypa/advisory-database/blob/main/vulns/avif/PYSEC-2021-892.yaml"