CVE-2025-48174

Name	CVE-2025-48174
Description	In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-4179-1, DSA-5930-1
Debian Bugs	1105885

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
libavif (PTS)	bullseye	0.8.4-2+deb11u1	vulnerable
	bullseye (security)	0.8.4-2+deb11u2	fixed
	bookworm	0.11.1-1	vulnerable
	bookworm (security)	0.11.1-1+deb12u1	fixed
	sid, trixie	1.2.1-1.2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
libavif	source	bullseye	0.8.4-2+deb11u2	DLA-4179-1
libavif	source	bookworm	0.11.1-1+deb12u1	DSA-5930-1
libavif	source	(unstable)	1.2.1-1.1		1105885

Notes

https://github.com/AOMediaCodec/libavif/pull/2768
https://github.com/AOMediaCodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c0535599029 (v1.3.0)
https://github.com/AOMediaCodec/libavif/commit/50a743062938a3828581d725facc9c2b92a1d109 (v1.3.0)
https://github.com/AOMediaCodec/libavif/commit/c9f1bea437f21cb78f9919c332922a3b0ba65e11 (v1.3.0)