Bug 1220105 - VUL-0: CVE-2024-1580: rav1e: dav1d: integer overflow when decoding videos with large frame size
Summary: VUL-0: CVE-2024-1580: rav1e: dav1d: integer overflow when decoding videos wit...
Status: RESOLVED FIXED
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Michael Gorse
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/394507/
Whiteboard:
Keywords:
Depends on:
Blocks: CVE-2024-1580
  Show dependency treegraph
 
Reported: 2024-02-20 11:42 UTC by Andrea Mattiazzo
Modified: 2024-02-29 14:50 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrea Mattiazzo 2024-02-20 11:42:30 UTC 
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1580
https://www.cve.org/CVERecord?id=CVE-2024-1580
https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS
https://code.videolan.org/videolan/dav1d/-/releases/1.4.0
https://bugzilla.redhat.com/show_bug.cgi?id=2264938

Patch:
https://code.videolan.org/videolan/dav1d/-/commit/2b475307dc11be9a1c3cc4358102c76a7f386a51
Comment 2 Yifan Jiang 2024-02-21 08:16:06 UTC 
Hello Mike, I put this under your name because I saw your name in the dav1d bugowner list. Can you please take a look? Thank you!
Comment 4 OBSbugzilla Bot 2024-02-21 14:35:03 UTC 
This is an autogenerated message for OBS integration:
This bug (1220105) was mentioned in
https://build.opensuse.org/request/show/1148724 Factory / dav1d
Comment 8 Andrea Mattiazzo 2024-02-22 17:22:09 UTC 
Closing since package load system dependency and use dav1d only for testing purposes.