VDB

CVE-2025-48175

CVE-2025-48175 PUBLISHED CVSS 4.5 MEDIUM

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.

EPSS 0.34% · 57.4th percentile

Risk Scores

CVSS 3.1
4.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
EPSS Score
0.34%
57.4th percentile

Affected Products

VendorProductVersions
aomedialibavif0, 0, 0

Timeline

  • May 16, 2025 CVE Published
  • May 16, 2025 EPSS Score
  • May 27, 2025 EPSS Score
  • Jun 8, 2025 EPSS Score
  • Jun 19, 2025 EPSS Score
  • Jun 30, 2025 EPSS Score
  • Jul 12, 2025 EPSS Score
  • Jul 23, 2025 EPSS Score
  • Aug 3, 2025 EPSS Score
  • Aug 15, 2025 EPSS Score
  • Aug 17, 2025 PoC Published
  • Aug 26, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›