CVE-2025-48175: CWE-190 Integer Overflow or Wraparound in aomedia libavif

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-48175, cve, cve-2025-48175, cwe-190
Published: Fri May 16 2025 (05/16/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: aomedia
Product: libavif

Description

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.

AI-Powered Analysis

Last updated: 07/12/2025, 00:04:09 UTC

Technical Analysis

CVE-2025-48175 is a medium-severity integer overflow vulnerability identified in the libavif library, specifically in versions prior to 1.3.0. Libavif is an open-source library used for encoding and decoding AVIF image files, which are based on the AV1 video codec and increasingly adopted for efficient image compression.

The vulnerability exists in the function avifImageRGBToYUV within the reformat.c source file. This function performs color space conversion from RGB to YUV, involving calculations with row byte sizes for RGB, Y, U, and V components. The integer overflow occurs during multiplications involving these row byte variables (rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes). An integer overflow or wraparound can lead to incorrect memory allocation or buffer size calculations, potentially causing buffer overflows or memory corruption. This can result in denial of service or possibly code execution under certain conditions.

The CVSS 3.1 base score is 4.5, reflecting a medium severity with the following vector: Attack Vector: Local (AV:L), Attack Complexity: High (AC:H), Privileges Required: None (PR:N), User Interaction: None (UI:N), Scope: Changed (S:C), Confidentiality: None (C:N), Integrity: Low (I:L), Availability: Low (A:L). The vulnerability requires local access and has a high complexity to exploit, with no user interaction needed and no privileges required. The scope is changed, indicating that the vulnerability can affect components beyond the initially vulnerable component.

No known exploits are reported in the wild as of the publication date. No patches or fixes are linked yet, indicating that remediation may be pending or in progress. Given the nature of libavif as a widely used image processing library embedded in various applications and systems, this vulnerability could be leveraged in scenarios where untrusted AVIF images are processed locally, such as in image viewers, editors, or other multimedia software.
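The following C sketch is an added illustration of the bug class described above, not code from libavif or from this advisory. It assumes a 32-bit row index and a 32-bit row stride, and the function names `row_offset_wrapping` and `row_offset_checked` are hypothetical; it contrasts a row-offset product that wraps with one that is widened and bounds-checked.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Wrapping form: the product is computed in 32 bits and wraps modulo 2^32
 * before it is widened, so the resulting offset points at the wrong row. */
static size_t row_offset_wrapping(uint32_t row, uint32_t rowBytes)
{
    uint32_t off = row * rowBytes;            /* unsigned wraparound (CWE-190) */
    return (size_t)off;
}

/* Checked form: multiply in size_t, reject a product that cannot be
 * represented, and reject any row that would extend past the buffer. */
static bool row_offset_checked(uint32_t row, uint32_t rowBytes,
                               size_t bufSize, size_t *out)
{
    if (rowBytes != 0 && (size_t)row > SIZE_MAX / rowBytes)
        return false;                         /* product does not fit in size_t */
    size_t off = (size_t)row * rowBytes;
    if (off > bufSize || bufSize - off < rowBytes)
        return false;                         /* row would run past the buffer */
    *out = off;
    return true;
}

int main(void)
{
    /* Constructed sample values: 70000 rows with a 70000-byte stride. */
    uint32_t row = 70000u, rowBytes = 70000u;
    size_t off = 0;

    printf("wrapped offset: %zu\n", row_offset_wrapping(row, rowBytes));

    /* A buffer just large enough to contain the wrapped offset: the wrapping
     * form silently yields an in-bounds but wrong address; the checked form
     * refuses because the true offset lies beyond the buffer. */
    size_t smallBuf = (size_t)605032704u + rowBytes;
    printf("checked accepts: %d\n",
           row_offset_checked(row, rowBytes, smallBuf, &off));
    return 0;
}
```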

Potential Impact

For European organizations, the impact of CVE-2025-48175 depends on the extent of libavif usage within their software stack. Organizations relying on software that processes AVIF images locally—such as media companies, digital content providers, software developers, and enterprises using AVIF-supporting applications—may be at risk. Successful exploitation could lead to local denial of service or limited integrity compromise, potentially disrupting workflows or causing application crashes. Although remote exploitation is not indicated, insider threats or malicious files introduced via removable media or internal networks could trigger the vulnerability. The changed scope suggests that exploitation might affect other components or escalate impact beyond the immediate library. Given the increasing adoption of AVIF for web and media content in Europe, especially in industries emphasizing efficient image compression, this vulnerability could affect a broad range of endpoints. However, the requirement for local access and high attack complexity limits the likelihood of widespread exploitation. Still, targeted attacks against high-value systems processing AVIF images could leverage this flaw to disrupt services or corrupt data.

Mitigation Recommendations

European organizations should proactively identify all software and systems that incorporate libavif, particularly versions prior to 1.3.0. Since no official patches are linked yet, organizations should monitor vendor advisories and update to libavif 1.3.0 or later once available. In the interim, restrict local access to systems processing AVIF images to trusted users only, and implement strict file validation and sandboxing for AVIF image processing applications to limit potential damage from malformed files. Employ application whitelisting and endpoint protection solutions capable of detecting anomalous behavior related to image processing. Additionally, conduct code audits or use static analysis tools on in-house software that integrates libavif to identify and mitigate unsafe usage patterns. Network segmentation and strict control over removable media can reduce the risk of malicious AVIF files reaching vulnerable systems. Finally, raise user awareness about the risks of opening untrusted image files locally.

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-05-16T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fa1484d88663aebed8

Added to database: 5/20/2025, 6:59:06 PM

Last enriched: 7/12/2025, 12:04:09 AM

Last updated: 8/14/2025, 3:39:24 PM
