{"id":"PYSEC-2021-892","details":"libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid.","aliases":["CVE-2020-36407"],"modified":"2026-07-13T07:15:15.718824355Z","published":"2021-07-01T03:15:08.033Z","references":[{"type":"ADVISORY","url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libavif/OSV-2020-1597.yaml"},{"type":"FIX","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24811"},{"type":"FIX","url":"https://github.com/AOMediaCodec/libavif/commit/0a8e7244d494ae98e9756355dfbfb6697ded2ff9"}],"affected":[{"package":{"name":"avif","ecosystem":"PyPI","purl":"pkg:pypi/avif"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.8.0"},{"last_affected":"0.8.1"}]}],"versions":["0.1.0","0.1.1","0.2.0","0.2.1","0.2.2","0.2.3","0.2.4","0.3.0","0.4.0","0.5.0"],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/avif/PYSEC-2021-892.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}