Mageia: Security Advisory (MGASA-2025-0257)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2020-23935

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2025-48175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes...

Integer Overflow

libavif is vulnerable to Integer Overflow. The vulnerability is due to integer overflow due to unsafe multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes in the avifImageRGBToYUV function in reformat.c...

Buffer Overflow

libavif is vulnerable to Buffer Overflow. The vulnerability is due to integer overflow due to improper bounds checking when calculating stream-offset + size in makeRoom in stream.c, which can lead to a buffer overflow...

CVE-2025-48175

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes...

CVE-2025-48175

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes...

CVE-2025-48174

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream-offset+size...

CVE-2025-48175

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes...

CVE-2025-48174

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream-offset+size...

CVE-2025-48174

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream-offset+size...

CVE-2025-48175

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes...

CVE-2025-48174

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream-offset+size...

CVE-2025-48175

Summary (CVE-2025-48175) In libavif prior to 1.3.0, the function avifImageRGBToYUV in reformat.c contains integer overflows during multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. This is documented across multiple vendor advisories (e.g., Debian, SUSE) updating to 1.3....

CVE-2025-48174

In libavif offset+size (CVE-2025-48174). This is the primary CVE described; related advisories (e.g., SUSE security updates and Debian security advisory) indicate upgrading to libavif 1.3.0 or later mitigates the issue. Affected products include various Linux distributions; patches explicitly fix...

The vulnerability of the Libavif library for encoding and decoding .avif files allows a perpetrator to execute arbitrary code or cause a service failure. This vulnerability is present in Google Chrome browsers.

The vulnerability of the Libavif library for encoding and decoding .avif files in Google Chrome’s Google Chrome browser is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code or cause a service failure through a...

The vulnerability of the Libavif library for encoding and decoding .avif files allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information. This vulnerability is exploitable through attacks using Google Chrome and Microsoft Edge browsers.

The vulnerability of the Libavif library for encoding and decoding .avif files in Google Chrome and Microsoft Edge browsers is related to the issue of operations going beyond the buffer boundaries in memory when processing .avif files. Exploiting this vulnerability can allow an attacker to...

SUSE CVE-2023-6350

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...

DEBIAN-CVE-2023-6350

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...