CVE-2025-48175 Information

Description

In libavif before 1.3.0 avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes yRowBytes uRowBytes and vRowBytes.

Reference

https://github.com/AOMediaCodec/libavif/commit/64d956ed5a602f78cebf29da023280944ee92efd https://github.com/AOMediaCodec/libavif/pull/2769 https://github.com/AOMediaCodec/libavif/security/advisories/GHSA-762c-2538-h844