[email protected]NVD:CVE-2024-1580

HistoryFeb 19, 2024 - 11:15 a.m.

CVE-2024-1580

2024-02-1911:15:08

CWE-190

[email protected]

web.nvd.nist.gov

cve-2024-1580

memory corruption

video decoding

CVSS3

5.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

17.1%

JSON

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

References

seclists.org/fulldisclosure/2024/Mar/36

seclists.org/fulldisclosure/2024/Mar/37

seclists.org/fulldisclosure/2024/Mar/38

seclists.org/fulldisclosure/2024/Mar/39

seclists.org/fulldisclosure/2024/Mar/40

seclists.org/fulldisclosure/2024/Mar/41

code.videolan.org/videolan/dav1d/-/blob/master/NEWS

code.videolan.org/videolan/dav1d/-/releases/1.4.0

lists.fedoraproject.org/archives/list/[email protected]/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/

support.apple.com/kb/HT214093

support.apple.com/kb/HT214094

support.apple.com/kb/HT214095

support.apple.com/kb/HT214096

support.apple.com/kb/HT214097

support.apple.com/kb/HT214098

CVSS3

5.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

17.1%

JSON

Related for NVD:CVE-2024-1580

apple6 debian1 cvelist1 nessus7 openvas6 osv4 mageia1 veracode1 fedora1 cve1 ubuntucve1 alpinelinux1 prion1 vulnrichment1 debiancve1 freebsd1