GHSA-mc39-h54g-pvw6

Source

https://github.com/advisories/GHSA-mc39-h54g-pvw6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-mc39-h54g-pvw6/GHSA-mc39-h54g-pvw6.json

Aliases

RUSTSEC-2024-0016

Published

2024-04-05T15:42:39Z

Modified

2024-04-11T16:41:43.597984Z

Details

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to version 0.7.0 of libdav1d-sys, which includes dav1d 1.4.0.

References

https://github.com/njaard/libavif-rs
https://rustsec.org/advisories/RUSTSEC-2024-0016.html
https://www.cvedetails.com/cve/CVE-2024-1580

Affected packages

crates.io / libdav1d-sys

Package

Name: libdav1d-sys

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.7.0