CVE-2025-48175 MEDIUM

CVE-2025-48175

Vendor Aomedia
Product libavif
Weakness CWE-190
Published May 16, 2025
Last update November 3, 2025

CVSS base score

4.5/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

What the vulnerability does

01Description

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.

Key dates

02Disclosure timeline

May 16, 2025 CVE published
November 3, 2025 Record updated