RUSTSEC-2024-0016

Source

https://rustsec.org/advisories/RUSTSEC-2024-0016

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0016.json

Aliases

GHSA-mc39-h54g-pvw6

Published

2024-02-19T12:00:00Z

Modified

2024-04-11T16:41:43.597984Z

Summary

dav1d AV1 decoder integer overflow

Details

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to version 0.7.0 of libdav1d-sys, which includes dav1d 1.4.0

References

https://crates.io/crates/libdav1d-sys
https://rustsec.org/advisories/RUSTSEC-2024-0016.html
https://www.cvedetails.com/cve/CVE-2024-1580/

Affected packages

crates.io / libdav1d-sys

Package

Name: libdav1d-sys

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.7.0

Ecosystem specific

{
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}