Debian Patches
Status for libavif/0.11.1-1+deb12u1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| Add-integer-overflow-checks-to-makeRoom.patch | Add integer overflow checks to makeRoom (CVE-2025-48174). https://github.com/AOMediaCodec/libavif/commit/50a743062938a3828581d725facc9c2b92a1d109, https://github.com/AOMediaCodec/libavif/commit/c9f1bea437f21cb78f9919c332922a3b0ba65e11. Instead of backporting prerequisites for the patches from https://github.com/AOMediaCodec/libavif/pull/2768, make the overflow check and abort() instead. Use abort() to be consistent with avifAlloc() in libavif v0.11.1 (in src/mem.c): `void * avifAlloc(size_t size) { void * out = malloc(size); if (out == NULL) { abort(); } return out; }`. Include `<stdlib.h>` for abort(). | DanisJiang <43723722+DanisJiang@users.noreply.github.com> | yes | debian upstream | backport, https://github.com/AOMediaCodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c053559902 | |
| Avoid-integer-overflow-in-32-bit-int-or-unsigned-int.patch | Avoid integer overflow in (32-bit) int or unsigned int arithmetic operations. The idea of this patch is to assume the existence of integer overflow in the code in avifImageRGBToYUV() and only enter the function when the image width and height are not too big. We have a similar protection in avifDecoder. Since avifImageRGBToYUV() is typically used to prepare the input to avifEncoder, I didn't add this protection to avifImageRGBToYUV(). 2ded15b09 has some context for the image size (area) and dimension limits. For this avifImageRGBToYUV() issue, the image size (area) limit is sufficient. The image dimension limit is intended to avoid spending a very long time decoding an image. | Wan-Teh Chang <wtc@google.com> | yes | debian upstream | https://github.com/AOMediaCodec/libavif/pull/2769#issuecomment-2907860473 | |
All known versions for source package 'libavif'
- 1.3.0-1 (sid, forky)
- 1.2.1-1.2 (trixie)
- 0.11.1-1+deb12u1 (bookworm-security, bookworm)
