Comment 1 Sam James 2025-06-24 12:28:23 UTC

Thanks! Not yet in tree so adjusting summary.

Comment 2 Larry the Git Cow 2025-06-24 12:29:09 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06c73580d2856c64b8ea015a518d8f49e1f1aa11

commit 06c73580d2856c64b8ea015a518d8f49e1f1aa11
Author:     Daniel Novomeský <dnovomesky@gmail.com>
AuthorDate: 2025-06-23 18:28:27 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-06-24 12:28:32 +0000

    media-libs/libavif: add 1.3.0
    
    Bug: https://bugs.gentoo.org/958975
    Signed-off-by: Daniel Novomeský <dnovomesky@gmail.com>
    Part-of: https://github.com/gentoo/gentoo/pull/42713
    Closes: https://github.com/gentoo/gentoo/pull/42713
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/libavif/Manifest             |   1 +
 media-libs/libavif/libavif-1.3.0.ebuild | 130 ++++++++++++++++++++++++++++++++
 2 files changed, 131 insertions(+)

Comment 3 Sam James 2025-06-24 12:32:34 UTC

"In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size."