Lucene search
Gentoo FoundationGLSA-202310-05HistoryOct 08, 2023 - 12:00 a.m.
dav1d: Denial of Service
2023-10-0800:00:00
Gentoo Foundation
security.gentoo.org
16
denial of service
vulnerability
av1 decoder
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.002
Percentile
57.3%
Background
dav1d is an AV1 decoder.
Description
In some circumstances, dav1d might treat an invalid frame as valid, resulting in a crash.
Impact
Malformed frame data can result in a denial of service.
Workaround
Users should avoid parsing untrusted video with dav1d.
Resolution
All dav1d users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/dav1d-1.2.0"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | media-libs/dav1d | < 1.2.0 | UNKNOWN |
Related
nessus
nessus
Fedora 37 : dav1d (2023-652b6e8847)
2023-07-08 00:00:00
GLSA-202310-05 : dav1d: Denial of Service
2023-10-08 00:00:00
Fedora 38 : dav1d (2023-9ea5d6e289)
2023-06-25 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: dav1d-1.2.1-1.fc38
2023-06-24 01:22:14
[SECURITY] Fedora 37 Update: dav1d-1.2.1-1.fc37
2023-07-08 01:15:05
alpinelinux
alpinelinux
CVE-2023-32570
2023-05-10 05:15:12
ubuntucve
ubuntucve
CVE-2023-32570
2023-05-10 00:00:00
nvd
nvd
CVE-2023-32570
2023-05-10 05:15:12
openvas
openvas
Fedora: Security Advisory for dav1d (FEDORA-2023-652b6e8847)
2023-07-09 00:00:00
Fedora: Security Advisory for dav1d (FEDORA-2023-9ea5d6e289)
2023-06-25 00:00:00
debiancve
debiancve
CVE-2023-32570
2023-05-10 05:15:12
veracode
veracode
Denial Of Service (DoS)
2023-08-06 11:56:28
cve
cve
CVE-2023-32570
2023-05-10 05:15:12
prion
prion
Race condition
2023-05-10 05:15:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2376
2024-03-19 12:41:40
cvelist
cvelist
CVE-2023-32570
2023-05-10 00:00:00
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.002
Percentile
57.3%
Related for GLSA-202310-05