CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1580 – Integer overflow in VideoLAN dav1d
https://notcve.org/view.php?id=CVE-2024-1580
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d. Un desbordamiento de enteros en el decodificador dav1d AV1 que puede ocurrir al decodificar videos con un tamaño de cuadro grande. Esto puede provocar daños en la memoria del decodificador AV1. • http://seclists.org/fulldisclosure/2024/Mar/36 http://seclists.org/fulldisclosure/2024/Mar/37 http://seclists.org/fulldisclosure/2024/Mar/38 http://seclists.org/fulldisclosure/2024/Mar/39 http://seclists.org/fulldisclosure/2024/Mar/40 http://seclists.org/fulldisclosure/2024/Mar/41 https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS https://code.videolan.org/videolan/dav1d/-/releases/1.4.0 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorap • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46814
https://notcve.org/view.php?id=CVE-2023-46814
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. Existe una vulnerabilidad de secuestro binario en el reproductor multimedia VideoLAN VLC anterior a 3.0.19 en Windows. El desinstalador intenta ejecutar código con privilegios elevados desde una ubicación de escritura estándar por parte del usuario. • https://www.videolan.org/security/sb-vlc3019.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47360
https://notcve.org/view.php?id=CVE-2023-47360
Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. Videolan VLC anterior a la versión 3.0.20 contiene un desbordamiento insuficiente de enteros que conduce a una longitud de paquete incorrecta. • https://0xariana.github.io/blog/real_bugs/vlc/mms https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47359
https://notcve.org/view.php?id=CVE-2023-47359
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. Videolan VLC anterior a la versión 3.0.20 contiene una lectura de desplazamiento incorrecta que provoca un desbordamiento del búfer en la función GetPacket() y provoca daños en la memoria. • https://0xariana.github.io/blog/real_bugs/vlc/mms https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32570
https://notcve.org/view.php?id=CVE-2023-32570
VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. VideoLAN dav1d anterior a 1.2.0 tiene una condición de ejecución thread_task.c que puede provocar un bloqueo de la aplicación, relacionado con dav1d_decode_frame_exit. • https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa https://code.videolan.org/videolan/dav1d/-/tags/1.2.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WGSO7UMOF4MVLQ5H6KIV7OG6ONS377B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXZ6CUNJFDJLCFOZHY2TIGMCAEITLCRP https://security.gentoo.org/glsa/202310-05 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •