
CVE-2025-48174

CVE Details

Visit the official vulnerability details page for CVE-2025-48174 to learn more.

Initial Publication

05/17/2025

Last Update

06/24/2025

Third Party Dependency

libavif15

NIST CVE Summary

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.

CVE Severity

9.1

Our Official Summary

This pertains to a critical integer overflow vulnerability in libavif versions prior to 1.3.0. The flaw resides in the makeRoom function within stream.c, where an improperly calculated buffer size (the addition stream->offset + size can wrap around) leads to a buffer overflow, potentially allowing attackers to execute arbitrary code or cause a denial of service.

This issue is of low risk because the containers in which it is reported are not accessible without privileged access. The impact of exploitation is also low, since the attack surface is restricted to those containers and they do not allow execution of arbitrary code.
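The overflow pattern the summaries describe, shown here as an added illustration rather than libavif's own code: an additive bounds check that can wrap in size_t, beside the subtractive form that cannot. The DemoStream type, its field names and the function names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative write stream; field and function names are assumptions
 * for this example, not libavif's definitions. */
typedef struct {
    size_t capacity; /* bytes allocated behind the buffer */
    size_t offset;   /* current write position inside it */
} DemoStream;

/* Vulnerable pattern: the sum offset + size is computed in size_t and can
 * wrap, so an oversized request appears to fit and a later copy overruns. */
static bool make_room_additive(const DemoStream *s, size_t size)
{
    return s->offset + size <= s->capacity; /* wraps when the sum exceeds SIZE_MAX */
}

/* Hardened pattern: compare against the remaining space instead, so no
 * addition can wrap. A corrupt offset beyond capacity is rejected outright. */
static bool make_room_subtractive(const DemoStream *s, size_t size)
{
    if (s->offset > s->capacity) {
        return false;
    }
    return size <= s->capacity - s->offset;
}

/* Returns true when the two checks disagree for this request, i.e. when
 * the additive form would wrongly admit it. */
static bool additive_check_is_fooled(const DemoStream *s, size_t size)
{
    return make_room_additive(s, size) && !make_room_subtractive(s, size);
}

int main(void)
{
    /* Constructed state: 64-byte buffer, 16 bytes already written. */
    DemoStream s = { .capacity = 64, .offset = 16 };
    size_t requests[] = { 10, 48, 49, SIZE_MAX - 8 };
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        printf("size=%zu additive=%d subtractive=%d fooled=%d\n", requests[i],
               make_room_additive(&s, requests[i]),
               make_room_subtractive(&s, requests[i]),
               additive_check_is_fooled(&s, requests[i]));
    }
    return 0;
}
```

The last request wraps the additive sum to a small value and passes, while the subtractive check correctly rejects it.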

Status

Ongoing

Affected Products & Versions

| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.6.41 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |

Revision History

| Date | Revision |
|---|---|
| 06/17/2025 | Status changed from Open to Ongoing |
| 06/17/2025 | Official summary added |
| 06/05/2025 | Advisory assigned with CRITICAL severity |