Lucene search

DebianDEBIAN:DSA-5686-1:99AA4

HistoryMay 09, 2024 - 2:47 p.m.

[SECURITY] [DSA 5686-1] dav1d security update

2024-05-0914:47:00

lists.debian.org

cve-2024-1580

debian

integer overflow

security update

dav1d

5.9 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

5.7 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:H/Au:S/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

16.5%

JSON

Debian Security Advisory DSA-5686-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
May 09, 2024 https://www.debian.org/security/faq

Package : dav1d
CVE ID : CVE-2024-1580

Nick Galloway discovered an integer overflow in dav1d, a fast and small
AV1 video stream decoder which could result in memory corruption.

For the oldstable distribution (bullseye), this problem has been fixed
in version 0.7.1-3+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 1.0.0-2+deb12u1.

We recommend that you upgrade your dav1d packages.

For the detailed security status of dav1d please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dav1d

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11alllibdav1d4< 0.7.1-3+deb11u1libdav1d4_0.7.1-3+deb11u1_all.deb
Debianbookwormalllibdav1d-dev< 1.0.0-2+deb12u1libdav1d-dev_1.0.0-2+deb12u1_all.deb
Debianbookwormalldav1d< 1.0.0-2+deb12u1dav1d_1.0.0-2+deb12u1_all.deb
Debian11alldav1d< 0.7.1-3+deb11u1dav1d_0.7.1-3+deb11u1_all.deb
Debian11alllibdav1d-dev< 0.7.1-3+deb11u1libdav1d-dev_0.7.1-3+deb11u1_all.deb
Debianbookwormalllibdav1d6< 1.0.0-2+deb12u1libdav1d6_1.0.0-2+deb12u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	libdav1d4	< 0.7.1-3+deb11u1	libdav1d4_0.7.1-3+deb11u1_all.deb
Debian	bookworm	all	libdav1d-dev	< 1.0.0-2+deb12u1	libdav1d-dev_1.0.0-2+deb12u1_all.deb
Debian	bookworm	all	dav1d	< 1.0.0-2+deb12u1	dav1d_1.0.0-2+deb12u1_all.deb
Debian	11	all	dav1d	< 0.7.1-3+deb11u1	dav1d_0.7.1-3+deb11u1_all.deb
Debian	11	all	libdav1d-dev	< 0.7.1-3+deb11u1	libdav1d-dev_0.7.1-3+deb11u1_all.deb
Debian	bookworm	all	libdav1d6	< 1.0.0-2+deb12u1	libdav1d6_1.0.0-2+deb12u1_all.deb