CVE-2025-48174
Closed this issue · 1 comment
Srikantan0 commented
Bug Overview
| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS | PUBLISHED | DISCOVERED | DESCRIPTION |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-48174 | critical | 9.10 | libavif | 1.0.4-r0 | fixed in 1.3.0 6 days ago | 26 days | < 1 hour | In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. |
Can you please publish the latest versions of the docker images without this CVE?
This is happening even in the latest docker image nginxinc/nginx-unprivileged:1.28.0-alpine3.21 as well.
Expected Behavior
No reported CVEs
Steps to Reproduce the Bug
Scan the docker image nginxinc/nginx-unprivileged:1.28.0-alpine3.21 using the Twistlock scanner.
Environment Details
Docker image nginxinc/nginx-unprivileged:1.28.0-alpine3.21
Additional Context
No response
alessfg commented
This is not one of the critical CVEs per https://github.com/nginx/docker-nginx-unprivileged/blob/main/SECURITY.md, nor has the fix made it to the upstream Alpine images. In the future, please keep in mind only reporting critical CVEs that have a fix available in the upstream images :)
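The triage rule stated in this reply (only critical CVEs whose fix is already available in the upstream Alpine packages are actionable for the image maintainers) can be applied to scanner output mechanically. The following is an added example, not code from the nginx-unprivileged project or from the scanner: the finding is constructed from the table in this issue, the Alpine package versions passed in are constructed assumptions (one where the fix has not reached Alpine, one where it has), and the version comparison is a simplified apk-style compare that only handles dotted numbers plus a `-rN` package release.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    """One scanner finding, fields as in the issue's table."""
    cve: str
    severity: str
    package: str
    installed: str   # Alpine package version in the image, e.g. "1.0.4-r0"
    fixed_in: str    # upstream version the scanner reports as fixed


def parse_apk_version(v: str):
    """Simplified Alpine version parse: '1.0.4-r0' -> ((1, 0, 4), 0).
    Assumption: only dotted numeric components and an optional -rN release."""
    base, _, rel = v.partition("-r")
    nums = tuple(int(x) for x in re.findall(r"\d+", base))
    return nums, int(rel) if rel else 0


def is_vulnerable(installed: str, fixed_in: str) -> bool:
    """True when the installed version is older than the fixed version."""
    return parse_apk_version(installed) < parse_apk_version(fixed_in)


def actionable(findings, alpine_available):
    """Keep findings that are critical, still vulnerable in the image, and
    for which the upstream Alpine repository already ships a fixed package.
    alpine_available maps package name -> version currently in Alpine."""
    kept = []
    for f in findings:
        if f.severity != "critical" or not is_vulnerable(f.installed, f.fixed_in):
            continue
        upstream = alpine_available.get(f.package)
        if upstream is not None and not is_vulnerable(upstream, f.fixed_in):
            kept.append(f)
    return kept


# Constructed from the table in this issue.
FINDINGS = [Finding("CVE-2025-48174", "critical", "libavif", "1.0.4-r0", "1.3.0")]

if __name__ == "__main__":
    # Constructed Alpine states: fix not yet in Alpine vs. fix available.
    print(actionable(FINDINGS, {"libavif": "1.0.4-r0"}))  # nothing to report
    print(actionable(FINDINGS, {"libavif": "1.3.0-r0"}))  # report CVE-2025-48174
```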