{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-1580","assignerOrgId":"14ed7db2-1595-443d-9d34-6215bf890778","state":"PUBLISHED","assignerShortName":"Google","dateReserved":"2024-02-16T12:23:14.335Z","datePublished":"2024-02-19T10:34:55.113Z","dateUpdated":"2025-02-13T17:32:17.584Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"dav1d","repo":"https://code.videolan.org/videolan/dav1d","vendor":"VideoLAN","versions":[{"lessThan":"1.4.0","status":"affected","version":"0","versionType":"custom"}]}],"datePublic":"2024-02-15T11:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.</p><br><br>"}],"value":"An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d."}],"impacts":[{"capecId":"CAPEC-100","descriptions":[{"lang":"en","value":"CAPEC-100 Overflow Buffers"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"LOW","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-190","description":"CWE-190 Integer Overflow or Wraparound","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"14ed7db2-1595-443d-9d34-6215bf890778","shortName":"Google","dateUpdated":"2024-03-27T18:05:51.666Z"},"references":[{"url":"https://code.videolan.org/videolan/dav1d/-/releases/1.4.0"},{"url":"https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/"},{"url":"https://support.apple.com/kb/HT214098"},{"url":"https://support.apple.com/kb/HT214097"},{"url":"https://support.apple.com/kb/HT214095"},{"url":"https://support.apple.com/kb/HT214093"},{"url":"https://support.apple.com/kb/HT214096"},{"url":"https://support.apple.com/kb/HT214094"},{"url":"http://seclists.org/fulldisclosure/2024/Mar/41"},{"url":"http://seclists.org/fulldisclosure/2024/Mar/36"},{"url":"http://seclists.org/fulldisclosure/2024/Mar/38"},{"url":"http://seclists.org/fulldisclosure/2024/Mar/37"},{"url":"http://seclists.org/fulldisclosure/2024/Mar/40"},{"url":"http://seclists.org/fulldisclosure/2024/Mar/39"}],"source":{"discovery":"UNKNOWN"},"title":"Integer overflow in VideoLAN dav1d","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-26T15:24:40.372465Z","id":"CVE-2024-1580","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-26T15:25:01.918Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T18:40:21.411Z"},"title":"CVE Program Container","references":[{"url":"https://code.videolan.org/videolan/dav1d/-/releases/1.4.0","tags":["x_transferred"]},{"url":"https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT214098","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT214097","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT214095","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT214093","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT214096","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT214094","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Mar/41","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Mar/36","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Mar/38","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Mar/37","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Mar/40","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Mar/39","tags":["x_transferred"]}]}]}}