CVE-2023-32570: Race Condition in Dav1d

CWE-362: Race Condition
7 documents, 7 sources
Severity
5.9 MEDIUM (NVD)
EPSS
0.1%
top 79.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 10

Description

VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (2 packages)

NVD: videolan/dav1d < 1.2.0
Debian: videolan/dav1d < 1.2.1-2+1

Also affects: Fedora 37, 38

Patches

🔴 Vulnerability Details (3)

CVEList
CVE-2023-32570: VideoLAN dav1d before 1 (2023-05-10)
OSV
CVE-2023-32570: VideoLAN dav1d before 1 (2023-05-10)
GHSA
GHSA-6q7w-3rwf-fh47: VideoLAN dav1d before 1 (2023-05-10)

📋 Vendor Advisories (3)

Microsoft
VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. (2023-05-09)
Debian
CVE-2023-32570: dav1d - VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to ... (2023)
Mozilla
Mozilla Foundation Security Advisory 2023-16: CVE-2023-32570