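Aggregated CVE and security vulnerability intelligence for all aomedia-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include buffer overflows, memory corruption, and input validation issues. In production workload and software deployment scenarios, these can lead to risks such as memory corruption, application crashes, and abnormal behavior.
The vulnerability data comes mainly from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and patch prioritization.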
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-48175 | In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. | [email protected] | 4.5 | 0.41% | 2025-05-16 | 2025-11-03 |
| CVE-2025-48174 | In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. | [email protected] | 4.5 | 0.32% | 2025-05-16 | 2025-11-03 |
| CVE-2024-5171 | Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calcu | [email protected] | 10.0 | 0.20% | 2024-06-05 | 2024-11-21 |
| CVE-2023-6879 | Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). | [email protected] | 9.0 | 0.15% | 2023-12-27 | 2025-02-13 |
| CVE-2023-39616 | AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h. | [email protected] | 7.5 | 0.03% | 2023-08-29 | 2024-11-21 |
| CVE-2020-36135 | AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c. | [email protected] | 6.5 | 0.11% | 2021-12-02 | 2024-11-21 |
| CVE-2020-36134 | AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c. | [email protected] | 6.5 | 0.17% | 2021-12-02 | 2024-11-21 |
| CVE-2020-36133 | AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h. | [email protected] | 8.8 | 0.17% | 2021-12-02 | 2024-11-21 |
| CVE-2020-36131 | AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c. | [email protected] | 8.8 | 0.17% | 2021-12-02 | 2024-11-21 |
| CVE-2020-36130 | AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c. | [email protected] | 6.5 | 0.11% | 2021-12-02 | 2024-11-21 |
| CVE-2020-36129 | AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c. | [email protected] | 8.8 | 0.18% | 2021-12-02 | 2024-11-21 |
| CVE-2020-36407 | libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid. | [email protected] | 8.8 | 0.48% | 2021-07-01 | 2024-11-21 |
| CVE-2021-30475 | aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow. | [email protected] | 9.8 | 0.21% | 2021-06-04 | 2024-11-21 |
| CVE-2021-30474 | aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free. | [email protected] | 9.8 | 0.17% | 2021-06-02 | 2024-11-21 |
| CVE-2021-30473 | aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap. | [email protected] | 9.8 | 0.25% | 2021-05-06 | 2024-11-21 |