|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2024-1580: gstreamer-plugins-rs: dav1d: integer overflow when decoding videos with large frame size | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Andrea Mattiazzo <andrea.mattiazzo> |
| Component: | Incidents | Assignee: | Antonio Larrosa <alarrosa> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | andrea.mattiazzo, security-team, smash_bz |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/394507/ | ||
| Whiteboard: | |||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 1220099 | ||
|
Description
Andrea Mattiazzo
2024-02-20 11:10:59 UTC
gstreamer-plugins-rs uses the system dav1d library. We currently have dav1d 1.4.0 in TW and 1.0.0 in SP5 (it wasn't updated in SP6) so I just submitted https://build.suse.de/request/show/322301 to fix this issue in SP5:Update. I also submitted https://build.opensuse.org/request/show/1148600 to the devel project and once it's accepted I'll submit 1.4.0 to ALP This is an autogenerated message for OBS integration: This bug (1220104) was mentioned in https://build.opensuse.org/request/show/1148647 Factory / dav1d This is an autogenerated message for OBS integration: This bug (1220104) was mentioned in https://build.opensuse.org/request/show/1148724 Factory / dav1d Thanks, since no action is needed on gstreamer-plugins-rs side i will close it as fixed, I have created [0] to track the fixes on dav1d [0] https://bugzilla.suse.com/show_bug.cgi?id=1220100 |