exploitDog

CVE-2024-1580

Опубликовано: 19 фев. 2024

Источник: debian

Описание

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
dav1d	fixed	1.4.0-1		package

Примечания

https://code.videolan.org/videolan/dav1d/commit/2b475307dc11be9a1c3cc4358102c76a7f386a51 (1.4.0)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2502

Связанные уязвимости

CVE-2024-1580

CVSS3: 5.9

ubuntu

почти 2 года назад

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

CVE-2024-1580

CVSS3: 5.9

nvd

почти 2 года назад

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

SUSE-SU-2024:0964-1

suse-cvrf

почти 2 года назад

Security update for dav1d

SUSE-SU-2024:0963-1

suse-cvrf

почти 2 года назад

Security update for dav1d

GHSA-3p7f-4r2q-wxmm

CVSS3: 5.9

github

почти 2 года назад

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.