CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2024-1580 – Integer overflow in VideoLAN dav1d
https://notcve.org/view.php?id=CVE-2024-1580
19 Feb 2024 — An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d. Un desbordamiento de enteros en el decodificador dav1d AV1 que puede ocurrir al decodificar videos con un tamaño de cuadro grande. Esto puede provocar daños en la memoria del decodificador AV1. • https://packetstorm.news/files/id/177632 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32570 – Gentoo Linux Security Advisory 202310-05
https://notcve.org/view.php?id=CVE-2023-32570
10 May 2023 — VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. VideoLAN dav1d anterior a 1.2.0 tiene una condición de ejecución thread_task.c que puede provocar un bloqueo de la aplicación, relacionado con dav1d_decode_frame_exit. A vulnerability has been found in dav1d which could result in denial of service. Versions greater than or equal to 1.2.0 are affected. • https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •