Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-1580

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

Published

2024-02-19T11:15:08.817

Last Modified

2025-02-13T18:16:25.577

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-190
Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	videolan	dav1d	< 1.4.0	Yes
Application	apple	safari	< 17.4.1	Yes
Operating System	apple	ipados	< 16.7.7	Yes
Operating System	apple	ipados	< 17.4.1	Yes
Operating System	apple	iphone_os	< 16.7.7	Yes
Operating System	apple	iphone_os	< 17.4.1	Yes
Operating System	apple	macos	< 13.6.6	Yes
Operating System	apple	macos	< 14.4.1	Yes
Operating System	apple	visionos	< 1.1.1	Yes
Operating System	fedoraproject	fedora	40	Yes

References

http://seclists.org/fulldisclosure/2024/Mar/36 Mailing List ([email protected])
http://seclists.org/fulldisclosure/2024/Mar/37 Mailing List ([email protected])
http://seclists.org/fulldisclosure/2024/Mar/38 Mailing List ([email protected])
http://seclists.org/fulldisclosure/2024/Mar/39 Mailing List ([email protected])
http://seclists.org/fulldisclosure/2024/Mar/40 Mailing List ([email protected])
http://seclists.org/fulldisclosure/2024/Mar/41 Mailing List ([email protected])
https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS Release Notes ([email protected])
https://code.videolan.org/videolan/dav1d/-/releases/1.4.0 Release Notes ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/ Mailing List ([email protected])
https://support.apple.com/kb/HT214093 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT214094 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT214095 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT214096 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT214097 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT214098 Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2024/Mar/36 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Mar/37 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Mar/38 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Mar/39 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Mar/40 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Mar/41 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://code.videolan.org/videolan/dav1d/-/releases/1.4.0 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/ Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214093 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214094 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214095 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214096 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214097 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT214098 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)