CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48174 – Debian Security Advisory 5930-1
https://notcve.org/view.php?id=CVE-2025-48174
16 May 2025 — In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. Multiple vulnerabilities were discovered in libavif, a library for handling.avif files, which could result in denial of service or potentially the execution of arbitrary code. For the stable distribution (bookworm), these problems have been fixed in version 0.11.1-1+deb12u1. • https://github.com/AOMediaCodec/libavif/commit/50a743062938a3828581d725facc9c2b92a1d109 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48175 – Debian Security Advisory 5930-1
https://notcve.org/view.php?id=CVE-2025-48175
16 May 2025 — In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. Multiple vulnerabilities were discovered in libavif, a library for handling.avif files, which could result in denial of service or potentially the execution of arbitrary code. For the stable distribution (bookworm), these problems have been fixed in version 0.11.1-1+deb12u1. • https://github.com/AOMediaCodec/libavif/commit/64d956ed5a602f78cebf29da023280944ee92efd • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5171 – heap buffer overflow in libaom
https://notcve.org/view.php?id=CVE-2024-5171
05 Jun 2024 — Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer si... • https://issues.chromium.org/issues/332382766 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-6879 – heap buffer overflow in libaom
https://notcve.org/view.php?id=CVE-2023-6879
27 Dec 2023 — Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). Aumentar la resolución de los fotogramas de vídeo, mientras se realiza una codificación multiproceso, puede provocar un desbordamiento del montón en av1_loop_restoration_dealloc(). This update for libaom, libyuv fixes the following issues. • https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39616
https://notcve.org/view.php?id=CVE-2023-39616
29 Aug 2023 — AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h. Se ha descubierto que AOMedia v3.0.0 a v3.5.0 contiene un acceso no válido a la memoria de lectura a través del componente "assign_frame_buffer_p in av1/common/av1_common_int.h. ". • https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36129 – Gentoo Linux Security Advisory 202401-32
https://notcve.org/view.php?id=CVE-2020-36129
02 Dec 2021 — AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c. Se ha detectado que AOM versión v2.0.1, contiene un desbordamiento del búfer de la pila por medio del componente src/aom_image.c An update that fixes four vulnerabilities is now available. This update for libaom fixes the following issues. Fixed stack buffer overflow via the component src/aom_image.c. Fixed stack buffer overflow via the component stats/rate_hist.c. • https://bugs.chromium.org/p/aomedia/issues/detail?id=2912&q=&can=1 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36130 – Gentoo Linux Security Advisory 202401-32
https://notcve.org/view.php?id=CVE-2020-36130
02 Dec 2021 — AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c. Se ha detectado que AOM versión v2.0.1, contiene una desreferencia de puntero NULL por medio del componente av1/av1_dx_iface.c An update that fixes four vulnerabilities is now available. This update for libaom fixes the following issues. Fixed stack buffer overflow via the component src/aom_image.c. Fixed stack buffer overflow via the component stats/rate_hist.c. • https://bugs.chromium.org/p/aomedia/issues/detail?id=2905&q=&can=1 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36131 – Gentoo Linux Security Advisory 202401-32
https://notcve.org/view.php?id=CVE-2020-36131
02 Dec 2021 — AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c. Se ha detectado que AOM versión v2.0.1, contenía un desbordamiento del búfer de la pila por medio del componente stats/rate_hist.c An update that fixes four vulnerabilities is now available. This update for libaom fixes the following issues. Fixed stack buffer overflow via the component src/aom_image.c. Fixed stack buffer overflow via the component stats/rate_hist.c. • https://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36133 – Gentoo Linux Security Advisory 202401-32
https://notcve.org/view.php?id=CVE-2020-36133
02 Dec 2021 — AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h. Se ha detectado que AOM versión v2.0.1, contiene un desbordamiento de búfer global por medio del componente av1/encoder/partition_search.h Multiple security vulnerabilities have been discovered in aom, the AV1 Video Codec Library. Buffer overflows, use-after-free and NULL pointer dereferences may cause a denial of service or other unspecified impact if a malformed multimedia file is processed. • https://bugs.chromium.org/p/aomedia/issues/detail?id=2913&q=&can=1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36134 – Gentoo Linux Security Advisory 202401-32
https://notcve.org/view.php?id=CVE-2020-36134
02 Dec 2021 — AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c. Se ha detectado que AOM versión v2.0.1, contiene una violación de segmentación por medio del componente aom_dsp/x86/obmc_sad_avx2.c Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution. Versions greater than or equal to 3.2.0 are affected. • https://bugs.chromium.org/p/aomedia/issues/detail?id=2914 • CWE-125: Out-of-bounds Read •