RUSTSEC-2024-0016

Source
https://rustsec.org/advisories/RUSTSEC-2024-0016
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0016.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2024-0016
Aliases
Published
2024-02-19T12:00:00Z
Modified
2024-04-11T16:41:43.597984Z
Summary
dav1d AV1 decoder integer overflow
Details

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to version 0.7.0 of libdav1d-sys, which includes dav1d 1.4.0

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / libdav1d-sys

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.7.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": null,
    "categories": [
        "memory-corruption"
    ]
}