aomedia CVE Vulnerabilities & Metrics

Focus on aomedia vulnerabilities and metrics.

Last updated: 07 Jun 2025, 22:25 UTC

About aomedia Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with aomedia. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total aomedia CVEs: 13
Earliest CVE date: 06 May 2021, 15:15 UTC
Latest CVE date: 16 May 2025, 05:15 UTC

Latest CVE reference: CVE-2025-48174

Rolling Stats

30-day Count (Rolling): 1
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -50.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -50.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical aomedia CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.82

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	7
7.0-8.9	3
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS aomedia CVEs

These are the five CVEs with the highest CVSS scores for aomedia, sorted by severity first and recency.

CVE-2021-30475 aomedia Published on 04 Jun 2021, 14:15 UTC (CVSS: 7.5)
aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
CVE-2021-30474 aomedia Published on 02 Jun 2021, 17:15 UTC (CVSS: 7.5)
aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.
CVE-2021-30473 aomedia Published on 06 May 2021, 15:15 UTC (CVSS: 7.5)
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
CVE-2020-36133 aomedia Published on 02 Dec 2021, 22:15 UTC (CVSS: 6.8)
AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.
CVE-2020-36131 aomedia Published on 02 Dec 2021, 22:15 UTC (CVSS: 6.8)
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.

All CVEs for aomedia

CVE-2025-48174 aomedia vulnerability CVSS: 0 16 May 2025, 05:15 UTC

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.

CVE-2023-6879 aomedia vulnerability CVSS: 0 27 Dec 2023, 23:15 UTC

Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().

CVE-2023-39616 aomedia vulnerability CVSS: 0 29 Aug 2023, 17:15 UTC

AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.

CVE-2020-36135 aomedia vulnerability CVSS: 4.3 02 Dec 2021, 22:15 UTC

AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.

CVE-2020-36134 aomedia vulnerability CVSS: 4.3 02 Dec 2021, 22:15 UTC

AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c.

CVE-2020-36133 aomedia vulnerability CVSS: 6.8 02 Dec 2021, 22:15 UTC

AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.

CVE-2020-36131 aomedia vulnerability CVSS: 6.8 02 Dec 2021, 22:15 UTC

AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.

CVE-2020-36130 aomedia vulnerability CVSS: 4.3 02 Dec 2021, 22:15 UTC

AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.

CVE-2020-36129 aomedia vulnerability CVSS: 6.8 02 Dec 2021, 22:15 UTC

AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.

CVE-2020-36407 aomedia vulnerability CVSS: 6.8 01 Jul 2021, 03:15 UTC

libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid.

CVE-2021-30475 aomedia vulnerability CVSS: 7.5 04 Jun 2021, 14:15 UTC

aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.

CVE-2021-30474 aomedia vulnerability CVSS: 7.5 02 Jun 2021, 17:15 UTC

aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.

CVE-2021-30473 aomedia vulnerability CVSS: 7.5 06 May 2021, 15:15 UTC

aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.