CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1580 – Integer overflow in VideoLAN dav1d
https://notcve.org/view.php?id=CVE-2024-1580
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d. Un desbordamiento de enteros en el decodificador dav1d AV1 que puede ocurrir al decodificar videos con un tamaño de cuadro grande. Esto puede provocar daños en la memoria del decodificador AV1. • http://seclists.org/fulldisclosure/2024/Mar/36 http://seclists.org/fulldisclosure/2024/Mar/37 http://seclists.org/fulldisclosure/2024/Mar/38 http://seclists.org/fulldisclosure/2024/Mar/39 http://seclists.org/fulldisclosure/2024/Mar/40 http://seclists.org/fulldisclosure/2024/Mar/41 https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS https://code.videolan.org/videolan/dav1d/-/releases/1.4.0 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorap • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32570
https://notcve.org/view.php?id=CVE-2023-32570
VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. VideoLAN dav1d anterior a 1.2.0 tiene una condición de ejecución thread_task.c que puede provocar un bloqueo de la aplicación, relacionado con dav1d_decode_frame_exit. • https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa https://code.videolan.org/videolan/dav1d/-/tags/1.2.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WGSO7UMOF4MVLQ5H6KIV7OG6ONS377B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXZ6CUNJFDJLCFOZHY2TIGMCAEITLCRP https://security.gentoo.org/glsa/202310-05 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •