CVSS3
Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: LOW
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
AI Score
Confidence: High
EPSS
Percentile: 17.1%
An integer overflow in the dav1d AV1 decoder can occur when decoding videos with a large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.
[
  {
    "defaultStatus": "unaffected",
    "product": "dav1d",
    "repo": "https://code.videolan.org/videolan/dav1d",
    "vendor": "VideoLAN",
    "versions": [
      {
        "lessThan": "1.4.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
seclists.org/fulldisclosure/2024/Mar/36
seclists.org/fulldisclosure/2024/Mar/37
seclists.org/fulldisclosure/2024/Mar/38
seclists.org/fulldisclosure/2024/Mar/39
seclists.org/fulldisclosure/2024/Mar/40
seclists.org/fulldisclosure/2024/Mar/41
code.videolan.org/videolan/dav1d/-/blob/master/NEWS
code.videolan.org/videolan/dav1d/-/releases/1.4.0
lists.fedoraproject.org/archives/list/[email protected]/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/
support.apple.com/kb/HT214093
support.apple.com/kb/HT214094
support.apple.com/kb/HT214095
support.apple.com/kb/HT214096
support.apple.com/kb/HT214097
support.apple.com/kb/HT214098