CVE-2024-1580
Published: February 20, 2024Last modified: June 5, 2025
Description
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.8 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Notes
Fixed in 1.4.0 https://code.videolan.org/videolan/dav1d/-/commit/2b475307dc11be9a1c3cc4358102c76a7f386a51
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | dav1d | Vulnerable (1.0.0-r2) |
| Stream | dav1d | Fixed (1.4.0-r0) |
References
- http://seclists.org/fulldisclosure/2024/Mar/36
- http://seclists.org/fulldisclosure/2024/Mar/37
- http://seclists.org/fulldisclosure/2024/Mar/38
- http://seclists.org/fulldisclosure/2024/Mar/39
- http://seclists.org/fulldisclosure/2024/Mar/40
- http://seclists.org/fulldisclosure/2024/Mar/41
- https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS
- https://code.videolan.org/videolan/dav1d/-/releases/1.4.0
- https://lists.fedoraproject.org/archives/list/[email protected]/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/
- https://support.apple.com/kb/HT214093
- https://support.apple.com/kb/HT214094
- https://support.apple.com/kb/HT214095
- https://support.apple.com/kb/HT214096
- https://support.apple.com/kb/HT214097
- https://support.apple.com/kb/HT214098