rpm package
suse/libavif&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
pkg:rpm/suse/libavif&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-48175 | — | < 1.3.0-150400.3.6.1 | 1.3.0-150400.3.6.1 | May 16, 2025 | In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. | ||
| CVE-2025-48174 | — | < 1.3.0-150400.3.6.1 | 1.3.0-150400.3.6.1 | May 16, 2025 | In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. | ||
| CVE-2023-6351 | — | < 1.3.0-150400.3.6.1 | 1.3.0-150400.3.6.1 | Nov 29, 2023 | Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) | ||
| CVE-2023-6350 | — | < 1.3.0-150400.3.6.1 | 1.3.0-150400.3.6.1 | Nov 29, 2023 | Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) |
- CVE-2025-48175May 16, 2025affected < 1.3.0-150400.3.6.1fixed 1.3.0-150400.3.6.1
In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.
- CVE-2025-48174May 16, 2025affected < 1.3.0-150400.3.6.1fixed 1.3.0-150400.3.6.1
In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
- CVE-2023-6351Nov 29, 2023affected < 1.3.0-150400.3.6.1fixed 1.3.0-150400.3.6.1
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
- CVE-2023-6350Nov 29, 2023affected < 1.3.0-150400.3.6.1fixed 1.3.0-150400.3.6.1
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)