Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tYzM5LWg1NGctcHZ3Ns4AA6qT
libdav1d-sys affected by dav1d AV1 decoder integer overflow
An integer overflow in the dav1d AV1 decoder can occur when decoding videos with a large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to version 0.7.0 of libdav1d-sys, which includes dav1d 1.4.0.
Permalink: https://github.com/advisories/GHSA-mc39-h54g-pvw6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tYzM5LWg1NGctcHZ3Ns4AA6qT
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 months ago
Updated: 8 months ago
CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
Identifiers: GHSA-mc39-h54g-pvw6
References:
- https://rustsec.org/advisories/RUSTSEC-2024-0016.html
- https://www.cvedetails.com/cve/CVE-2024-1580
- https://github.com/advisories/GHSA-mc39-h54g-pvw6
Affected Packages
cargo:libdav1d-sys
Dependent packages: 3
Dependent repositories: 18
Downloads: 90,373 total
Affected Version Ranges: < 0.7.0
Fixed in: 0.7.0
All affected versions: 0.1.0, 0.1.1, 0.2.0, 0.3.0, 0.4.0, 0.4.1, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.0
All unaffected versions: 0.7.0, 0.7.1