These are all security issues fixed in the dav1d-1.4.0-2.1 package on the GA media of openSUSE Tumbleweed.