CVE-2025-48175: In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and...

Description

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.

Classification

CVE ID: CVE-2025-48175

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.5

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.12% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-14 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-48175
https://github.com/AOMediaCodec/libavif/commit/64d956ed5a602f78cebf29da023280944ee92efd
https://github.com/AOMediaCodec/libavif/pull/2769
https://github.com/AOMediaCodec/libavif/security/advisories/GHSA-762c-2538-h844

Timeline