GHSA-mc39-h54g-pvw6: libdav1d-sys affected by dav1d AV1 decoder integer overflow

April 5, 2024

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to version 0.7.0 of libdav1d-sys, which includes dav1d 1.4.0.

References

github.com/advisories/GHSA-mc39-h54g-pvw6
github.com/njaard/libavif-rs
rustsec.org/advisories/RUSTSEC-2024-0016.html
www.cvedetails.com/cve/CVE-2024-1580

Code Behaviors & Features

Detect and mitigate GHSA-mc39-h54g-pvw6 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →