CVE-2024-1580: Integer overflow in VideoLAN dav1d
First published: Mon Feb 19 2024(Updated: )
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.
Credit: cve-coordination@google.com Nick Galloway Google Project ZeroNick Galloway Google Project ZeroNick Galloway Google Project ZeroNick Galloway Google Project ZeroNick Galloway Google Project Zero
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <16.7.7 | 16.7.7 |
| Apple iPadOS | <16.7.7 | 16.7.7 |
| Apple macOS Sonoma | <14.4.1 | 14.4.1 |
| Apple visionOS | <1.1.1 | 1.1.1 |
| Apple macOS Ventura | <13.6.6 | 13.6.6 |
| Apple iOS | <17.4.1 | 17.4.1 |
| Apple iPadOS | <17.4.1 | 17.4.1 |
| Apple Safari | <17.4.1 | 17.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS
- https://code.videolan.org/videolan/dav1d/-/releases/1.4.0
- https://support.apple.com/en-us/HT214098 (Advisory)
- https://support.apple.com/en-us/HT214096 (Advisory)
- https://support.apple.com/en-us/HT214093 (Advisory)
- https://support.apple.com/en-us/HT214095 (Advisory)
- https://support.apple.com/en-us/HT214097 (Advisory)
- https://support.apple.com/en-us/HT214094 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/
- https://support.apple.com/kb/HT214098
- https://support.apple.com/kb/HT214097
- https://support.apple.com/kb/HT214095
- https://support.apple.com/kb/HT214093
- https://support.apple.com/kb/HT214096
- https://support.apple.com/kb/HT214094
- http://seclists.org/fulldisclosure/2024/Mar/41
- http://seclists.org/fulldisclosure/2024/Mar/36
- http://seclists.org/fulldisclosure/2024/Mar/38
- http://seclists.org/fulldisclosure/2024/Mar/37
- http://seclists.org/fulldisclosure/2024/Mar/40
- http://seclists.org/fulldisclosure/2024/Mar/39
Parent vulnerabilities
(Appears in the following advisories)
- agent/title
- agent/first-publish-date
- agent/type
- agent/severity
- collector/nvd-api
- source/NVD
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/references
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple ios
- canonical/apple ipados
- canonical/apple macos sonoma
- canonical/apple visionos
- canonical/apple macos ventura
- canonical/apple safari