From a7b0b1cba82b0eb82716e4c84fc46830fb4f4b45 Mon Sep 17 00:00:00 2001
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
Date: Wed, 15 Oct 2025 09:46:42 +1300
Subject: [PATCH] libavif: ignore CVE-2025-48175

CVE-2025-48175 got introduced due to following change which is missing in the current recipe version
https://github.com/AOMediaCodec/libavif/commit/1b4ce5ca24a33b5878b7f766de6eaa05c49f08e6

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta-multimedia/recipes-multimedia/libavif/libavif_1.0.1.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-multimedia/recipes-multimedia/libavif/libavif_1.0.1.bb b/meta-multimedia/recipes-multimedia/libavif/libavif_1.0.1.bb
index 885758b6a4..8ddd16ee2a 100644
--- a/meta-multimedia/recipes-multimedia/libavif/libavif_1.0.1.bb
+++ b/meta-multimedia/recipes-multimedia/libavif/libavif_1.0.1.bb
@@ -14,3 +14,5 @@ DEPENDS = "dav1d"
 inherit cmake
 
 EXTRA_OECMAKE += "-DAVIF_CODEC_DAV1D=ON"
+
+CVE_STATUS[CVE-2025-48175] = "cpe-incorrect: The current version (1.0.1) is not affected by the CVE"