CVE-2025-48174
CVE Details
Visit the official vulnerability details page for CVE-2025-48174 to learn more.
Initial Publication
05/17/2025
Last Update
06/24/2025
Third Party Dependency
libavif15
NIST CVE Summary
In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
CVE Severity
Our Official Summary
This pertains to a critical integer overflow vulnerability in libavif versions prior to 1.3.0. The flaw resides in the makeRoom function in stream.c, where the sum stream->offset+size used to size the buffer can wrap around; the resulting buffer overflow could potentially allow attackers to execute arbitrary code or cause a denial of service.
This issue is of low risk because the containers in which it is reported are not accessible without privileged access. The impact of exploitation is also low, since the attack surface is restricted to those containers and they do not allow execution of arbitrary code.
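The NIST summary names the defect class precisely: a bounds check written as `offset + size <= capacity` wraps around when `size` is close to `SIZE_MAX`, so an oversized request looks small and passes. The following constructed C example, added here and not taken from libavif's stream.c, puts the wrapping check beside a rearranged one that cannot overflow, and wraps the safe form in a grow-on-demand helper. The names `byte_stream`, `fits_unchecked`, `fits_checked`, `make_room_checked` and `stream_write` are hypothetical and chosen only to mirror the shape the advisory describes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical write stream modelled on the shape the advisory describes
 * (a write offset plus a requested size checked against a buffer capacity).
 * Constructed illustration code, not libavif's stream.c. */
typedef struct {
    uint8_t *data;
    size_t capacity;
    size_t offset;
} byte_stream;

/* Vulnerable pattern: the sum is computed first. Unsigned addition wraps
 * modulo SIZE_MAX+1, so a huge `size` produces a small sum and the check
 * passes even though `size` bytes can never fit. */
bool fits_unchecked(size_t offset, size_t capacity, size_t size) {
    return offset + size <= capacity;
}

/* Hardened pattern: no addition is performed. The subtraction cannot
 * underflow because offset <= capacity is verified first. */
bool fits_checked(size_t offset, size_t capacity, size_t size) {
    if (offset > capacity) return false;   /* inconsistent stream state */
    return size <= capacity - offset;
}

/* Ensure `size` bytes can be written at the current offset, growing the
 * buffer if needed. Refuses (returns false) instead of wrapping when
 * offset + size is not representable. */
bool make_room_checked(byte_stream *s, size_t size) {
    if (fits_checked(s->offset, s->capacity, size)) return true;
    if (size > SIZE_MAX - s->offset) return false;   /* offset + size would wrap */
    size_t needed = s->offset + size;                 /* now provably safe */
    size_t new_cap = s->capacity ? s->capacity : 16;
    while (new_cap < needed) {
        if (new_cap > SIZE_MAX / 2) { new_cap = needed; break; }  /* doubling would wrap */
        new_cap *= 2;
    }
    uint8_t *p = realloc(s->data, new_cap);
    if (!p) return false;
    s->data = p;
    s->capacity = new_cap;
    return true;
}

/* Write through the checked helper; returns bytes written, 0 on refusal. */
size_t stream_write(byte_stream *s, const uint8_t *src, size_t size) {
    if (!make_room_checked(s, size)) return 0;
    memcpy(s->data + s->offset, src, size);
    s->offset += size;
    return size;
}

/* Scenario: request SIZE_MAX - 8 bytes at offset 16 of a 64-byte buffer.
 * Returns 1 when the unchecked form accepts it (16 + (SIZE_MAX-8) wraps to 7)
 * and the checked form refuses it. */
int demo_wrapped_request(void) {
    size_t offset = 16, capacity = 64, size = SIZE_MAX - 8;
    bool unchecked = fits_unchecked(offset, capacity, size);   /* true  */
    bool checked   = fits_checked(offset, capacity, size);     /* false */
    return (unchecked && !checked) ? 1 : 0;
}

/* Scenario: write 100 bytes into an empty stream (buffer grows to 128),
 * then submit a wrapping request, which must be refused without touching
 * the buffer. Returns the final offset (100) or 0 on any unexpected result. */
size_t demo_grow_then_refuse(void) {
    byte_stream s = {0};
    uint8_t buf[100];
    memset(buf, 0xAB, sizeof buf);
    if (stream_write(&s, buf, sizeof buf) != sizeof buf) { free(s.data); return 0; }
    if (stream_write(&s, buf, SIZE_MAX - 8) != 0)        { free(s.data); return 0; }
    size_t final_offset = s.offset;
    free(s.data);
    return final_offset;
}
```

The fix is purely a reordering of the comparison: checking `size <= capacity - offset` after establishing `offset <= capacity` asks the same question as `offset + size <= capacity` but performs no operation that can wrap, which is the usual remediation for this bug class and a useful pattern to look for when reviewing any buffer-growth routine.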
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.6.41 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
06/17/2025 | Status changed from Open to Ongoing |
06/17/2025 | Official summary added |
06/05/2025 | Advisory assigned with CRITICAL severity |