31 matches found
ROOT-OS-ALPINE-318-CVE-2024-1580 CVE-2024-1580 in rootio-dav1d - Patched by Root
Root has patched CVE-2024-1580 in the rootio-dav1d package for Root:Alpine:3.18. Multiple fixed versions available...
TencentOS Server 4: dav1d (TSSA-2024:0971)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0971 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
openSUSE Security Advisory (SUSE-SU-2024:0964-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Effective Fuzzing: A Dav1d Case Study
Guest post by Nick Galloway, Senior Security Engineer, 20% time on Project Zero Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, an...
Debian: Security Advisory (DSA-5686-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5686-1] dav1d security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5686-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2024 https://www.debian.org/security/faq -...
Debian dsa-5686 : dav1d - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5686 advisory. - An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We...
Fedora 40 : dav1d (2024-12fcc689ac)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-12fcc689ac advisory. Update to version 1.4.0. This version addresses CVE-2024-1580 see RHBZ2264939. Tenable has extracted the preceding description block directly from the Fedora...
electron{27,28,29} -- multiple vulnerabilities
Electron develpers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-3515. Security: backported fix for CVE-2024-3516. Security: backported fix for CVE-2024-3157. Security: backported fix for CVE-2024-1580...
Updated dav1d packages fix security vulnerability
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. CVE-2024-1580...
emulsion (>=6.0.0 <=10.0.0), libavif-sys (>=0.8.0 <=0.15.0) +1 more potentially affected by CVE-2024-1580 via libdav1d-sys (>=0.2.0 <=0.6.0)
libdav1d-sys CARGO version =0.2.0, =6.0.0, =0.8.0, =0.9.4, =0.10.1 Source cves: CVE-2024-1580 Source advisory: OSV:GHSA-MC39-H54G-PVW6...
Apple Mac OS X Security Update (HT214095)
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apple Mac OS X Security Update (HT214096)
Apple Mac OS X is prone to an out-of-bounds write vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
macOS 14.x < 14.4.1 (HT214096)
The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.4.1. It is, therefore, affected by a vulnerability: - An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We...
About the security content of Safari 17.4.1
About the security content of Safari 17.4.1 This document describes the security content of Safari 17.4.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
About the security content of macOS Ventura 13.6.6
About the security content of macOS Ventura 13.6.6 This document describes the security content of macOS Ventura 13.6.6. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
About the security content of macOS Sonoma 14.4.1
About the security content of macOS Sonoma 14.4.1 This document describes the security content of macOS Sonoma 14.4.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...
macOS 13.x < 13.6.6 (HT214095)
The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.6.6. It is, therefore, affected by a vulnerability: - An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : dav1d (SUSE-SU-2024:0964-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0964-1 advisory. - CVE-2024-1580: Fixed tilestartoff calculations for extremely large frame sizes bsc1220100. Tenable has...
SUSE SLED15 / SLES15 Security Update : dav1d (SUSE-SU-2024:0963-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0963-1 advisory. - CVE-2024-1580: Fixed tilestartoff calculations for extremely large frame sizes bsc1220100. Tenable has extracted the...