CVE-2025-48174: CWE-190 Integer Overflow or Wraparound in aomedia libavif
In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
AI Analysis
Technical Summary
CVE-2025-48174 is a medium-severity vulnerability identified in the libavif library, a widely used open-source implementation for encoding and decoding AVIF image files. The vulnerability resides in the makeRoom function within stream.c, where an integer overflow occurs when calculating stream->offset + size. This overflow can wrap around the integer value, causing the program to allocate insufficient buffer space. Consequently, a buffer overflow may occur when data is written beyond the allocated memory, potentially leading to memory corruption, application crashes, or other undefined behavior. The vulnerability is classified under CWE-190 (Integer Overflow or Wraparound). The CVSS v3.1 score is 4.5, reflecting a local attack vector with high attack complexity, no privileges required, no user interaction, and a scope change. The impact affects integrity and availability but not confidentiality. No patches or exploits are currently publicly available, but the issue is reserved and published as of May 16, 2025. This vulnerability is particularly relevant for applications processing AVIF images using libavif versions prior to 1.3.0, which may be embedded in web browsers, media players, or image processing tools. Exploitation requires local access, making remote exploitation unlikely without additional vulnerabilities.
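The overflow class described above, as an added example that is not libavif's code and not part of the original page: a simplified write stream whose unchecked `offset + size` wraps around, beside a version that rejects the request before adding. The `wstream` type, the function names and `GROW_STEP` are hypothetical, chosen only for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define GROW_STEP (1024u * 1024u)   /* hypothetical growth increment */

/* Hypothetical write stream: a growable buffer plus a write cursor. */
typedef struct { uint8_t *data; size_t cap; size_t offset; } wstream;

/* Unchecked pattern: offset + size is unsigned, so it wraps instead of
 * failing. Returns the capacity the growth logic would settle on
 * (nothing is allocated or written here). */
static size_t planned_cap_unchecked(const wstream *s, size_t size)
{
    size_t needed = s->offset + size;        /* may wrap */
    size_t cap = s->cap;
    while (cap < needed) cap += GROW_STEP;   /* skipped when needed wrapped */
    return cap;
}

/* Hardened pattern: check before adding, then grow. 0 = ok, -1 = refused. */
static int make_room_checked(wstream *s, size_t size)
{
    if (size > SIZE_MAX - s->offset) return -1;       /* sum would wrap */
    size_t needed = s->offset + size, cap = s->cap;
    while (cap < needed) {
        if (cap > SIZE_MAX - GROW_STEP) return -1;    /* growth would wrap */
        cap += GROW_STEP;
    }
    if (cap != s->cap) {
        uint8_t *p = realloc(s->data, cap);
        if (!p) return -1;
        s->data = p;
        s->cap = cap;
    }
    return 0;
}

int main(void)
{
    wstream s = { malloc(GROW_STEP), GROW_STEP, 4096 };
    if (!s.data) return 1;
    size_t huge = SIZE_MAX - 100;            /* constructed input */
    printf("unchecked plan: cap=%zu\n", planned_cap_unchecked(&s, huge));
    printf("checked: %d\n", make_room_checked(&s, huge));
    free(s.data);
    return 0;
}
```

With the constructed input, the unchecked sum wraps to 3995, so the planned capacity stays at one increment even though the request is near `SIZE_MAX`; the checked version refuses the same request.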
Potential Impact
For European organizations, the impact of CVE-2025-48174 depends on the extent of libavif usage in their software stack. Organizations involved in digital media, content delivery, and software development that process AVIF images could face risks of application instability or denial of service due to crashes from buffer overflows. While confidentiality is not directly impacted, integrity and availability of affected applications could be compromised, potentially disrupting business operations. The local attack vector and high complexity reduce the likelihood of widespread exploitation, but insider threats or compromised local systems could leverage this vulnerability. Industries such as media production, digital publishing, and software vendors in Europe may be more exposed. Additionally, embedded systems or IoT devices using libavif could be indirectly affected if they process AVIF images without proper updates.
Mitigation Recommendations
To mitigate CVE-2025-48174, European organizations should prioritize upgrading libavif to version 1.3.0 or later once the patch is released. Until then, applying strict input validation on AVIF image files to detect malformed or suspicious data can reduce risk. Employing memory safety tools such as AddressSanitizer during development and testing can help identify similar issues early. Restricting local access to systems processing AVIF images limits the attack surface. Organizations should also monitor for updates from the aomedia project and subscribe to vulnerability advisories. For embedded or IoT devices, firmware updates should be planned to include patched libavif versions. Finally, implementing runtime protections like sandboxing or process isolation for applications handling AVIF images can contain potential exploitation impacts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-05-16T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0fa1484d88663aebed6
Added to database: 5/20/2025, 6:59:06 PM
Last enriched: 11/4/2025, 1:28:26 AM
Last updated: 11/20/2025, 6:39:19 AM