VulnerableCode Package Details - pkg:deb/debian/libavif@0.8.4-2%2Bdeb11u2?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-m229-g3dn-pbbg	In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.	CVE-2025-48174
VCID-vpe9-3csn-vyf1	In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.	CVE-2025-48175

Vulnerability

Summary

Aliases

VCID-m229-g3dn-pbbg

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.

CVE-2025-48174

VCID-vpe9-3csn-vyf1

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.

CVE-2025-48175

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:14:21.141140+00:00	Debian Importer	Fixing	VCID-vpe9-3csn-vyf1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:57:59.613741+00:00	Debian Importer	Fixing	VCID-m229-g3dn-pbbg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:22:19.408637+00:00	Debian Importer	Fixing	VCID-vpe9-3csn-vyf1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:00:54.113392+00:00	Debian Importer	Fixing	VCID-m229-g3dn-pbbg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:28:30.238705+00:00	Debian Importer	Fixing	VCID-vpe9-3csn-vyf1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:28:30.181436+00:00	Debian Importer	Fixing	VCID-m229-g3dn-pbbg	https://security-tracker.debian.org/tracker/data/json	38.1.0