package/libavif: security bump to v1.3.0
Fixes the following security issues:
- CVE-2025-48174: makeRoom in stream.c has an integer overflow and
resultant buffer overflow in stream->offset+size.
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2025-48174
- https://github.com/AOMediaCodec/libavif/pull/2768/commits
- CVE-2025-48175: avifImageRGBToYUV in reformat.c has integer overflows
in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and
vRowBytes.
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2025-48175
- 64d956ed5a
For more details on the version bump, see:
- https://github.com/AOMediaCodec/libavif/releases/tag/v1.3.0
- https://github.com/AOMediaCodec/libavif/releases/tag/v1.2.1
- https://github.com/AOMediaCodec/libavif/releases/tag/v1.2.0
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 0c1fa0bce1)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
92acdeea7e