UBUNTU-CVE-2024-1580

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-1580

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-1580.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-1580

Related

CVE-2024-1580

Published

2024-02-19T11:15:00Z

Modified

2024-10-15T14:12:49Z

Summary

[none]

Details

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

References

Affected packages

Ubuntu:22.04:LTS / dav1d

Package

Name: dav1d
Purl: pkg:deb/ubuntu/dav1d?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.7.1-3

0.9.2-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / dav1d

Package

Name: dav1d
Purl: pkg:deb/ubuntu/dav1d?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.1-1build1

1.4.2-1

1.4.3-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / dav1d

Package

Name: dav1d
Purl: pkg:deb/ubuntu/dav1d?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.1-2

1.3.0-2

1.4.0-1

1.4.1-1

1.4.1-1build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}