{"id":"JLSEC-2026-126","summary":"In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications...","details":"In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.","modified":"2026-04-17T13:32:12.116759313Z","published":"2026-04-17T13:07:52.234Z","upstream":["CVE-2025-48175","EUVD-2025-15403","GHSA-44mp-2g68-7wvv"],"database_specific":{"sources":[{"id":"CVE-2025-48175","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48175","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-48175","modified":"2025-11-03T20:19:06.153Z","database_specific":{"status":"Modified"},"imported":"2026-04-17T08:45:49.620Z","published":"2025-05-16T05:15:37.470Z"},{"id":"GHSA-44mp-2g68-7wvv","html_url":"https://github.com/advisories/GHSA-44mp-2g68-7wvv","url":"https://api.github.com/advisories/GHSA-44mp-2g68-7wvv","modified":"2025-11-03T21:34:58Z","imported":"2026-04-17T08:45:49.893Z","published":"2025-05-16T06:30:24Z"},{"id":"EUVD-2025-15403","html_url":"https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-15403","url":"https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2025-15403","modified":"2025-11-03T20:04:43Z","imported":"2026-04-17T08:45:49.728Z","published":"2025-05-16T00:00:00Z"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://github.com/AOMediaCodec/libavif/commit/64d956ed5a602f78cebf29da023280944ee92efd"},{"type":"WEB","url":"https://github.com/AOMediaCodec/libavif/pull/2769"},{"type":"WEB","url":"https://github.com/AOMediaCodec/libavif/security/advisories/GHSA-762c-2538-h844"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00031.html"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48175"},{"type":"WEB","url":"https://github.com/advisories/GHSA-44mp-2g68-7wvv"}],"affected":[{"package":{"name":"libavif_jll","ecosystem":"Julia","purl":"pkg:julia/libavif_jll?uuid=d7a461ab-9c30-58dd-b115-285ac81dc4e5"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.3.0+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-126.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L"}]}