Your message dated Sat, 17 May 2025 15:49:05 +0000
with message-id <E1uGJmb-00CV8x-Mr@fasolo.debian.org>
and subject line Bug#1105883: fixed in libavif 1.2.1-1.1
has caused the Debian Bug report #1105883,
regarding libavif: CVE-2025-48175
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
1105883: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105883
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: libavif: CVE-2025-48175
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Fri, 16 May 2025 17:44:36 +0200
- Message-id: <174741027642.4051755.7300631652800110589.reportbug@eldamar.lan>
Source: libavif
Version: 1.2.1-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/AOMediaCodec/libavif/pull/2769
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for libavif.

CVE-2025-48175[0]:
| In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer
| overflows in multiplications involving rgbRowBytes, yRowBytes,
| uRowBytes, and vRowBytes.

The report at [1] is not public yet at time of writing this bug report.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-48175
    https://www.cve.org/CVERecord?id=CVE-2025-48175
[1] https://github.com/AOMediaCodec/libavif/security/advisories/GHSA-762c-2538-h844
[2] https://github.com/AOMediaCodec/libavif/pull/2769

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
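The bug class named in the report above, as an added illustration that is not libavif's code: a row stride and a row index held in uint32_t wrap modulo 2^32 when multiplied, while the same product computed in size_t (the approach the Debian changelog describes as "Declare *RowBytes as size_t") does not, and a checked variant refuses rows that would overflow or fall outside the pixel buffer. Function names, the 65536x20001 RGBA image geometry and the buffer length are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration of the CVE-2025-48175 bug class, not libavif
 * code. A row stride (bytes per row) and a row index are modelled the way
 * the pre-fix avifImageRGBToYUV() held its *RowBytes locals: as uint32_t. */

/* Vulnerable pattern: both operands are uint32_t, so rowBytes * row wraps
 * modulo 2^32 before the result is widened for pointer arithmetic. */
static size_t row_offset_u32(uint32_t rowBytes, uint32_t row)
{
    return (size_t)(rowBytes * row);
}

/* Fixed pattern: with a size_t stride the product is computed in size_t,
 * so on a 64-bit build it cannot wrap for any image that fits in memory. */
static size_t row_offset_size_t(size_t rowBytes, uint32_t row)
{
    return rowBytes * row;
}

/* Defensive variant: reject the row if rowBytes * row would overflow size_t
 * or if the whole row does not fit inside a buffer of bufLen bytes.
 * Returns 1 and writes *out on success, 0 otherwise. */
static int row_offset_checked(size_t rowBytes, uint32_t row, size_t bufLen,
                              size_t *out)
{
    if (rowBytes != 0 && row > SIZE_MAX / rowBytes)
        return 0;                    /* product would overflow size_t */
    size_t off = rowBytes * row;
    if (rowBytes > bufLen || off > bufLen - rowBytes)
        return 0;                    /* row lies (partly) past the buffer */
    *out = off;
    return 1;
}

int main(void)
{
    /* Constructed input: a 65536-pixel-wide RGBA image (262144-byte rows),
     * addressing row 20000. The true offset 5242880000 exceeds 2^32. */
    uint32_t rowBytes = 65536u * 4u, row = 20000u;
    size_t off = 0;
    int ok = row_offset_checked(rowBytes, row, (size_t)rowBytes * 20001u, &off);
    printf("wrapped (uint32_t): %zu\n", row_offset_u32(rowBytes, row));
    printf("widened (size_t):   %zu\n", row_offset_size_t(rowBytes, row));
    printf("checked: ok=%d off=%zu\n", ok, off);
    return 0;
}
```

On a 64-bit build the wrapped offset is 947912704, far below the real 5242880000, so a bounds check written against the wrapped value would pass while the pointer lands on the wrong row.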
--- Begin Message ---
- To: 1105883-close@bugs.debian.org
- Subject: Bug#1105883: fixed in libavif 1.2.1-1.1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 17 May 2025 15:49:05 +0000
- Message-id: <E1uGJmb-00CV8x-Mr@fasolo.debian.org>
- Reply-to: Salvatore Bonaccorso <carnil@debian.org>
Source: libavif
Source-Version: 1.2.1-1.1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
libavif, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1105883@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libavif package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Sat, 17 May 2025 16:03:36 +0200
Source: libavif
Architecture: source
Version: 1.2.1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1105883 1105885
Changes:
 libavif (1.2.1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Add integer overflow checks to makeRoom (CVE-2025-48174) (Closes: #1105885)
   * Add integer overflow check to makeRoom (CVE-2025-48174) (Closes: #1105885)
   * Fix format errors (CVE-2025-48174) (Closes: #1105885)
   * Declare *RowBytes as size_t in avifImageRGBToYUV() (CVE-2025-48175) (Closes: #1105883)
--- End Message ---