#VU87785 Integer overflow in dav1d


Vulnerability identifier: #VU87785

Vulnerability risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-1580

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
dav1d
Other software / Other software solutions

Vendor: VideoLAN

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the AV1 decoder when decoding videos with large frame size. A remote attacker can trick the victim to play a specially crafted video file, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

dav1d: 0.1.0 - 1.3.0

External links
http://code.videolan.org/videolan/dav1d/-/releases/1.4.0
http://code.videolan.org/videolan/dav1d/-/blob/master/NEWS
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Debian update for dav1d
Remote code execution in Apple Safari
Remote code execution in Apple visionOS
Fedora 40 update for dav1d
Remote code execution in Apple iOS 17 and iPadOS 17
Remote code execution in Apple iOS 16 and iPadOS 16
Remote code execution in macOS Ventura
Remote code execution in macOS Sonoma
Remote code execution in VideoLAN dav1d