CVE-2024-1580
dav1d - security update
CVSS 3.1 base score: 8.8 (HIGH)
EPSS: 0.58%
Description
An integer overflow in the dav1d AV1 decoder can occur when decoding videos with a large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.
How to fix CVE-2024-1580
To remediate CVE-2024-1580, upgrade the affected package to one of the fixed versions listed below.
- Alpine/dav1d: upgrade to 1.3.0-r1 or later
- [package not named on page]: upgrade to 0.7.1-3+deb11u1 or later
- [package not named on page]: upgrade to 0.7.1-3+deb11u1 or later
Is CVE-2024-1580 being exploited?
Low. The EPSS score is 0.6%, a low predicted probability of exploitation activity in the wild; EPSS is a prediction, not evidence that exploitation has or has not occurred.
Affected packages (3)
- Alpine/dav1d: all versions before 1.3.0-r1
- [package not named on page]: all versions before 0.7.1-3+deb11u1
- [package not named on page]: all versions before 0.7.1-3+deb11u1
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | HIGH | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |