Bug 1220099 (CVE-2024-1580)

Summary: VUL-0: CVE-2024-1580: TRACKERBUG: dav1d: integer overflow when decoding videos with large frame size
Product: [Novell Products] SUSE Security Incidents
Reporter: SMASH SMASH <smash_bz>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: andrea.mattiazzo, carlos.lopez
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/394507/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-1580:6.3:(AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on: 1220100, 1220104, 1220105
Bug Blocks:

Description SMASH SMASH 2024-02-20 10:10:55 UTC
An integer overflow in the dav1d AV1 decoder can occur when decoding videos with a large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1580
https://www.cve.org/CVERecord?id=CVE-2024-1580
https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS
https://code.videolan.org/videolan/dav1d/-/releases/1.4.0
https://bugzilla.redhat.com/show_bug.cgi?id=2264938

Patch:
https://code.videolan.org/videolan/dav1d/-/commit/2b475307dc11be9a1c3cc4358102c76a7f386a51

Comment 1 Carlos López 2024-04-19 08:28:18 UTC
All done, closing.