Veracode Vulnerability DatabaseVERACODE:45576Integer Overflow
5.9 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
6.9 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.2%
dav1d is vulnerable of integer overflow. The vulnerability due to improper memory allocation in dav1d AV1 decoder that can occur when decoding videos with large frame size. it could indeed lead to memory corruption and pose a security risk.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dav1d:sid | eq | 0.7.1-3 | |
| dav1d:3.19 | eq | 1.3.0-r0 | |
| dav1d:sid | eq | 0.7.1-3 | |
| dav1d:3.19 | eq | 1.3.0-r0 |
References
seclists.org/fulldisclosure/2024/Mar/36
seclists.org/fulldisclosure/2024/Mar/37
seclists.org/fulldisclosure/2024/Mar/38
seclists.org/fulldisclosure/2024/Mar/39
seclists.org/fulldisclosure/2024/Mar/40
seclists.org/fulldisclosure/2024/Mar/41
code.videolan.org/videolan/dav1d/-/blob/master/NEWS
code.videolan.org/videolan/dav1d/-/releases/1.4.0
lists.fedoraproject.org/archives/list/[email protected]/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/
security-tracker.debian.org/tracker/CVE-2024-1580
support.apple.com/kb/HT214093
support.apple.com/kb/HT214094
support.apple.com/kb/HT214095
support.apple.com/kb/HT214096
support.apple.com/kb/HT214097
support.apple.com/kb/HT214098
Related
5.9 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
6.9 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.2%