Bugzilla – Bug 1220104
VUL-0: CVE-2024-1580: gstreamer-plugins-rs: dav1d: integer overflow when decoding videos with large frame size
Last modified: 2024-02-21 14:39:10 UTC
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1580 https://www.cve.org/CVERecord?id=CVE-2024-1580 https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS https://code.videolan.org/videolan/dav1d/-/releases/1.4.0 https://bugzilla.redhat.com/show_bug.cgi?id=2264938 Patch: https://code.videolan.org/videolan/dav1d/-/commit/2b475307dc11be9a1c3cc4358102c76a7f386a51
gstreamer-plugins-rs uses the system dav1d library. We currently have dav1d 1.4.0 in TW and 1.0.0 in SP5 (it wasn't updated in SP6) so I just submitted https://build.suse.de/request/show/322301 to fix this issue in SP5:Update. I also submitted https://build.opensuse.org/request/show/1148600 to the devel project and once it's accepted I'll submit 1.4.0 to ALP
This is an autogenerated message for OBS integration: This bug (1220104) was mentioned in https://build.opensuse.org/request/show/1148647 Factory / dav1d
This is an autogenerated message for OBS integration: This bug (1220104) was mentioned in https://build.opensuse.org/request/show/1148724 Factory / dav1d
Thanks, since no action is needed on gstreamer-plugins-rs side i will close it as fixed, I have created [0] to track the fixes on dav1d [0] https://bugzilla.suse.com/show_bug.cgi?id=1220100