Bug 1220100 - VUL-0: CVE-2024-1580: dav1d: dav1d: integer overflow when decoding videos with large frame size
Summary: VUL-0: CVE-2024-1580: dav1d: dav1d: integer overflow when decoding videos wit...
Status: RESOLVED FIXED
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/394507/
Whiteboard:
Keywords:
Depends on:
Blocks: CVE-2024-1580
  Show dependency treegraph
 
Reported: 2024-02-20 10:21 UTC by Andrea Mattiazzo
Modified: 2024-04-19 08:28 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrea Mattiazzo 2024-02-20 10:21:21 UTC 
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1580
https://www.cve.org/CVERecord?id=CVE-2024-1580
https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS
https://code.videolan.org/videolan/dav1d/-/releases/1.4.0
https://bugzilla.redhat.com/show_bug.cgi?id=2264938

Patch:
https://code.videolan.org/videolan/dav1d/-/commit/2b475307dc11be9a1c3cc4358102c76a7f386a51
Comment 1 Andrea Mattiazzo 2024-02-20 10:27:19 UTC 
Tracking as affected:
- SUSE:ALP:Source:Standard:1.0/dav1d                 1.3.0                     
- SUSE:SLE-15-SP4:Update/dav1d                       0.9.2                     
- SUSE:SLE-15-SP5:Update/dav1d                       1.0.0
Comment 4 Maintenance Automation 2024-03-22 12:30:45 UTC 
SUSE-SU-2024:0964-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1220100
CVE References: CVE-2024-1580
Maintenance Incident: [SUSE:Maintenance:32683](https://smelt.suse.de/incident/32683/)
Sources used:
openSUSE Leap 15.5 (src):
 dav1d-1.0.0-150500.3.6.1
Desktop Applications Module 15-SP5 (src):
 dav1d-1.0.0-150500.3.6.1
SUSE Package Hub 15 15-SP5 (src):
 dav1d-1.0.0-150500.3.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Maintenance Automation 2024-03-22 12:30:46 UTC 
SUSE-SU-2024:0963-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1220100
CVE References: CVE-2024-1580
Maintenance Incident: [SUSE:Maintenance:32684](https://smelt.suse.de/incident/32684/)
Sources used:
openSUSE Leap 15.4 (src):
 dav1d-0.9.2-150400.3.3.1
Basesystem Module 15-SP5 (src):
 dav1d-0.9.2-150400.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Carlos López 2024-04-19 08:28:04 UTC 
Everything should be released, closing.