CVE-2024-1580 — Integer Overflow or Wraparound in Dav1d

CWE-190 — Integer Overflow or Wraparound13 documents8 sources

Severity

8.8HIGHNVD

CNA5.9

EPSS

0.6%

top 30.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Videolan Dav1d Apple Ipados Apple Iphone OS +4 more

Timeline

PublishedFeb 19

Latest updateOct 1

Description

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5videolan/dav1d< 1.4.0

▶NVDvideolan/dav1d< 1.4.0

▶Debianvideolan/dav1d< 0.7.1-3+deb11u1+3

▶NVDapple/macos13.0 — 13.6.6+1

▶NVDapple/ipados17.0 — 17.4.1+1

Also affects: Fedora 40

🔴Vulnerability Details

Project0

Effective Fuzzing: A Dav1d Case Study - Project Zero↗2024-10-01

▶

GHSA

GHSA-3p7f-4r2q-wxmm: An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size↗2024-02-19

▶

CVEList

Integer overflow in VideoLAN dav1d↗2024-02-19

▶

OSV

CVE-2024-1580: An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size↗2024-02-19

▶

📋Vendor Advisories

Apple

CVE-2024-1580: macOS Sonoma 14.4.1↗2024-03-25

▶

Apple

CVE-2024-1580: Safari 17.4.1↗2024-03-25

▶

Apple

CVE-2024-1580: macOS Ventura 13.6.6↗2024-03-25

▶

Apple

CVE-2024-1580: iOS 17.4.1 and iPadOS 17.4.1↗2024-03-21

▶

Apple

CVE-2024-1580: visionOS 1.1.1↗2024-03-21

▶

💬Community

Bugzilla

Evaluate dav1d CVE-2024-1580 fix↗2024-02-20

▶