Mageia: Security Advisory (MGASA-2025-0257)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2020-23935

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2025-48175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes...

Integer Overflow

libavif is vulnerable to Integer Overflow. The vulnerability is due to integer overflow due to unsafe multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes in the avifImageRGBToYUV function in reformat.c...

Buffer Overflow

libavif is vulnerable to Buffer Overflow. The vulnerability is due to integer overflow due to improper bounds checking when calculating stream-offset + size in makeRoom in stream.c, which can lead to a buffer overflow...

CVE-2025-48175

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes...

CVE-2025-48174

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream-offset+size...

CVE-2025-48174

In libavif offset+size (CVE-2025-48174). This is the primary CVE described; related advisories (e.g., SUSE security updates and Debian security advisory) indicate upgrading to libavif 1.3.0 or later mitigates the issue. Affected products include various Linux distributions; patches explicitly fix...

CVE-2025-48174

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream-offset+size...

CVE-2025-48175

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes...

CVE-2025-48175

Summary (CVE-2025-48175) In libavif prior to 1.3.0, the function avifImageRGBToYUV in reformat.c contains integer overflows during multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. This is documented across multiple vendor advisories (e.g., Debian, SUSE) updating to 1.3....

CVE-2025-48175

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes...

CVE-2025-48175

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes...

CVE-2025-48174

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream-offset+size...

CVE-2025-48174

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream-offset+size...

SUSE CVE-2023-6350

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...

DEBIAN-CVE-2023-6350

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...