Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-32570

VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.

Published

2023-05-10T05:15:12.190

Last Modified

2025-01-28T16:15:36.333

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Primary
CWE-362
Type: Secondary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	videolan	dav1d	< 1.2.0	Yes
Operating System	fedoraproject	fedora	37	Yes
Operating System	fedoraproject	fedora	38	Yes

References

https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa Patch ([email protected])
https://code.videolan.org/videolan/dav1d/-/tags/1.2.0 Release Notes ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WGSO7UMOF4MVLQ5H6KIV7OG6ONS377B/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXZ6CUNJFDJLCFOZHY2TIGMCAEITLCRP/ ([email protected])
https://security.gentoo.org/glsa/202310-05 Third Party Advisory ([email protected])
https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa Patch (af854a3a-2127-422b-91ae-364da2661108)
https://code.videolan.org/videolan/dav1d/-/tags/1.2.0 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WGSO7UMOF4MVLQ5H6KIV7OG6ONS377B/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXZ6CUNJFDJLCFOZHY2TIGMCAEITLCRP/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202310-05 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)