rpi-buildroot/libavif.hash at 0964bf05e9bf136b6ee3c86461b9d3a94f8a038d - rpi-buildroot - Gitea: Git with a cup of tea

Projetos/rpi-buildroot

Files

Thomas Perale 0c1fa0bce1 package/libavif: security bump to v1.3.0

Fixes the following security issues:

- CVE-2025-48174: makeRoom in stream.c has an integer overflow and
    resultant buffer overflow in stream->offset+size.

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-48174
  - https://github.com/AOMediaCodec/libavif/pull/2768/commits

- CVE-2025-48175: avifImageRGBToYUV in reformat.c has integer overflows
    in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and
    vRowBytes.

For more information, see:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-48175
  - 64d956ed5a

For more details on the version bump, see:
  - https://github.com/AOMediaCodec/libavif/releases/tag/v1.3.0
  - https://github.com/AOMediaCodec/libavif/releases/tag/v1.2.1
  - https://github.com/AOMediaCodec/libavif/releases/tag/v1.2.0

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>

2025-06-30 22:05:54 +02:00

4 lines

178 B

Plaintext

Raw Blame History

	`sha256 0a545e953cc049bf5bcf4ee467306a2f113a75110edf59e61248873101cd26c1 libavif-1.3.0.tar.gz`

	`sha256 165abf92cc04b39e80d29cadea7a6a7e8fddf59407d4ad2616507a7ebe8216f9 LICENSE`