1220099 – (CVE-2024-1580) VUL-0: CVE-2024-1580: TRACKERBUG: dav1d: integer overflow when decoding videos with large frame size

Bug 1220099 (CVE-2024-1580) - VUL-0: CVE-2024-1580: TRACKERBUG: dav1d: integer overflow when decoding videos with large frame size

Summary: VUL-0: CVE-2024-1580: TRACKERBUG: dav1d: integer overflow when decoding video...

Status:	RESOLVED FIXED

Alias:	CVE-2024-1580

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/394507/
Whiteboard:	CVSSv3.1:SUSE:CVE-2024-1580:6.3:(AV:N...
Keywords:

Depends on:	1220100 1220104 1220105
Blocks:
	Show dependency tree / graph

Clone This Bug

Reported:	2024-02-20 10:10 UTC by SMASH SMASH
Modified:	2024-04-19 08:28 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-02-20 10:10:55 UTC

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1580
https://www.cve.org/CVERecord?id=CVE-2024-1580
https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS
https://code.videolan.org/videolan/dav1d/-/releases/1.4.0
https://bugzilla.redhat.com/show_bug.cgi?id=2264938

Patch:
https://code.videolan.org/videolan/dav1d/-/commit/2b475307dc11be9a1c3cc4358102c76a7f386a51

Comment 1 Carlos López 2024-04-19 08:28:18 UTC

All done, closing.