CVE-2024-1580 Vulnerability Details

CVE-2024-1580 Metadata Quick Info

CVE Published: 19/02/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: Google | Vendor: VideoLAN | Product: dav1d
Status: PUBLISHED

CVE-2024-1580 Description

An integer overflow in the dav1d AV1 decoder can occur when decoding videos with a large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.

Metrics

CVSS Version: 3.1 | Base Score: 5.9 MEDIUM
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

Exploitability Metrics:
    Attack Vector (AV): ADJACENT_NETWORK
    Attack Complexity (AC): HIGH
    Privileges Required (PR): LOW
    User Interaction (UI): NONE
    Scope (S): UNCHANGED

Impact Metrics:
    Confidentiality Impact (C): LOW
    Integrity Impact (I): HIGH
    Availability Impact (A): LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-190
CWE Name: CWE-190 Integer Overflow or Wraparound
Source: VideoLAN

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-100
CAPEC Description: CAPEC-100 Overflow Buffers


Source: NVD (National Vulnerability Database).