CVE-2024-1580
CVSS 3.1 Score 5.9 of 10 (medium)
Details
Published Feb 19, 2024
Updated: Mar 27, 2024
CWE ID 190
Summary
CVE-2024-1580 is an integer overflow vulnerability impacting the dav1d AV1 decoder. This issue can be triggered when decoding videos with unusually large frame sizes, resulting in memory corruption within the decoder. Upgrading to a version of dav1d beyond 1.4.0 is strongly advised to mitigate this risk. The memory corruption can potentially allow attackers to execute arbitrary code or cause system instability.