Описание
Security update for libavif
This update for libavif fixes the following issues:
- update to 1.3.0:
- CVE-2025-48175: Fixed an integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. (bsc#1243270)
- CVE-2025-48174: Fixed an integer overflow and resultant buffer overflow in stream->offset+size. (bsc#1243269)
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP6
libavif16-1.3.0-150600.3.5.1
openSUSE Leap 15.6
avif-tools-1.3.0-150600.3.5.1
gdk-pixbuf-loader-libavif-1.3.0-150600.3.5.1
libavif-devel-1.3.0-150600.3.5.1
libavif16-1.3.0-150600.3.5.1
libavif16-32bit-1.3.0-150600.3.5.1
Ссылки
- Link for SUSE-SU-2025:02817-1
- E-Mail link for SUSE-SU-2025:02817-1
- SUSE Security Ratings
- SUSE Bug 1243269
- SUSE Bug 1243270
- SUSE CVE CVE-2025-48174 page
- SUSE CVE CVE-2025-48175 page
Описание
In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:libavif16-1.3.0-150600.3.5.1
openSUSE Leap 15.6:avif-tools-1.3.0-150600.3.5.1
openSUSE Leap 15.6:gdk-pixbuf-loader-libavif-1.3.0-150600.3.5.1
openSUSE Leap 15.6:libavif-devel-1.3.0-150600.3.5.1
Ссылки
- CVE-2025-48174
- SUSE Bug 1243269
Описание
In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:libavif16-1.3.0-150600.3.5.1
openSUSE Leap 15.6:avif-tools-1.3.0-150600.3.5.1
openSUSE Leap 15.6:gdk-pixbuf-loader-libavif-1.3.0-150600.3.5.1
openSUSE Leap 15.6:libavif-devel-1.3.0-150600.3.5.1
Ссылки
- CVE-2025-48175
- SUSE Bug 1243270