CVE-2025-48175 – Libavif Integer Overflow Vulnerability

May 16, 2025

CVE ID : CVE-2025-48175

Published : May 16, 2025, 5:15 a.m. | 3 hours, 44 minutes ago

Description : In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.

Severity: 4.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4746 – Campcodes Sales and Inventory System SQL Injection Vulnerability

Next Article CVE-2025-4745 – Apache Code-projects Employee Record System Cross-Site Scripting

Highlights

CVE-2025-7394 – OpenSSL wolfSSL Predictable Random Number Generation After Fork Vulnerability

July 18, 2025

CVE ID : CVE-2025-7394

Published : July 18, 2025, 11:15 p.m. | 1 hour, 40 minutes ago

Description : In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

I flew Insta360’s new ‘Antigravity’ drone around Los Angeles, and it was impossible to miss a shot

The $100 open-ear headphones that made me forget about my Shokz

5 quick and simple ways to greatly improve the quality of your headphones

Installing a UPS battery backup saved my work PC – here’s the full story

Maintaining Data Consistency with Laravel Database Transactions

Maintaining Data Consistency with Laravel Database Transactions

Building a Multi-Step Form With Laravel, Livewire, and MongoDB

Inertia Releases a New Form Component

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Take-Two hints at $100 price tag for Grand Theft Auto VI — will it deliver on value?

ChatGPT Go offers GPT-5, image creation, and longer memory — all for $5 (if you’re lucky enough to live where it’s available)

CVE-2025-48175 – Libavif Integer Overflow Vulnerability

CVE-2025-49895 – PluginBuddy.Com ServerBuddy CSRF Object Injection Vulnerability

CVE-2025-3671 – “WordPress Gym Management System – Local File Inclusion Vulnerability”

PHP 8.5.0 Alpha 1 available for testing

vitorccs/laravel-csv

Apache ActiveMQ Vulnerability Allows Remote Attackers to Execute Arbitrary Code

Microsoft Brings Enhanced Defender for Cloud Support to U.S. Government Cloud Offerings

CVE-2025-7394 – OpenSSL wolfSSL Predictable Random Number Generation After Fork Vulnerability

CVE-2025-47288 – Discourse Policy Plugin Group Policy Information Disclosure

CVE-2025-7895 – Harry0703 MoneyPrinterTurbo Unrestricted File Upload Vulnerability

Microsoft’s patch for CVE-2025–21204 symlink vulnerability introduces another symlink vulnerability

CVE-2025-48175 – Libavif Integer Overflow Vulnerability

Related Posts