ALT-PU-2024-4636-4

Package update dav1d in branch c10f1

Version1.4.0-alt1

Published2026-02-04

Max severityHIGH

Severity:

Closed issues (3)

MEDIUM5.9

Уязвимость декодера dav1d операционных систем iOS, iPadOS, visionOS, macOS, Fedora, браузера Safari, позволяющая нарушителю выполнить произвольный код

Published: 2024-07-01Modified: 2026-01-20

CVSS 3.xMEDIUM 5.9

CVSS:3.x/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:A/AC:H/Au:S/C:P/I:C/A:P

References

CVE-2024-1580

MEDIUM5.9

VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.

Published: 2023-05-10Modified: 2025-01-28

CVSS 3.xMEDIUM 5.9

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References

HIGH8.8

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

Published: 2024-02-19Modified: 2025-02-13

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References