Lucene search

ROSA LABROSA-SA-2024-2376

HistoryMar 19, 2024 - 12:41 p.m.

Advisory ROSA-SA-2024-2376

2024-03-1912:41:40

ROSA LAB

abf.rosalinux.ru

advisory

dav1d

rosa-chrome

medium severity

thread_task.c

race condition

cve-2023-32570

application crash

fixed

update command

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

57.3%

JSON

Software: dav1d 1.3.0
AXIS: ROSA-CHROME

package_evr_string: dav1d-1.3.0-1.src.rpm

CVE-ID: CVE-2023-32570
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: VideoLAN dav1d has a thread_task.c race condition that could cause an application crash associated with dav1d_decode_frame_exit.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update dav1d

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchdav1d< 1.3.0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ROSA	any	noarch	dav1d	< 1.3.0	UNKNOWN

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

57.3%

JSON

Related for ROSA-SA-2024-2376