Vulnerabilites related to VideoLAN - dav1d
cve-2023-32570
Vulnerability from cvelistv5
Published
2023-05-10 00:00
Modified
2025-01-28 15:42
Severity ?
EPSS score ?
Summary
VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:18:37.652Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa", }, { tags: [ "x_transferred", ], url: "https://code.videolan.org/videolan/dav1d/-/tags/1.2.0", }, { name: "FEDORA-2023-9ea5d6e289", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXZ6CUNJFDJLCFOZHY2TIGMCAEITLCRP/", }, { name: "FEDORA-2023-652b6e8847", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WGSO7UMOF4MVLQ5H6KIV7OG6ONS377B/", }, { name: "GLSA-202310-05", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202310-05", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-32570", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:42:37.132034Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T15:42:41.962Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-08T07:06:18.188Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa", }, { url: "https://code.videolan.org/videolan/dav1d/-/tags/1.2.0", }, { name: "FEDORA-2023-9ea5d6e289", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXZ6CUNJFDJLCFOZHY2TIGMCAEITLCRP/", }, { name: "FEDORA-2023-652b6e8847", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WGSO7UMOF4MVLQ5H6KIV7OG6ONS377B/", }, { name: "GLSA-202310-05", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202310-05", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-32570", datePublished: "2023-05-10T00:00:00.000Z", dateReserved: "2023-05-10T00:00:00.000Z", dateUpdated: "2025-01-28T15:42:41.962Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-1580
Vulnerability from cvelistv5
Published
2024-02-19 10:34
Modified
2025-02-13 17:32
Severity ?
EPSS score ?
Summary
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-1580", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-26T15:24:40.372465Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T15:25:01.918Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T18:40:21.411Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://code.videolan.org/videolan/dav1d/-/releases/1.4.0", }, { tags: [ "x_transferred", ], url: "https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214098", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214097", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214095", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214093", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214096", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214094", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/41", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/36", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/38", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/37", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/40", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/39", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "dav1d", repo: "https://code.videolan.org/videolan/dav1d", vendor: "VideoLAN", versions: [ { lessThan: "1.4.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], datePublic: "2024-02-15T11:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.</p><br><br>", }, ], value: "An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-27T18:05:51.666Z", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://code.videolan.org/videolan/dav1d/-/releases/1.4.0", }, { url: "https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/", }, { url: "https://support.apple.com/kb/HT214098", }, { url: "https://support.apple.com/kb/HT214097", }, { url: "https://support.apple.com/kb/HT214095", }, { url: "https://support.apple.com/kb/HT214093", }, { url: "https://support.apple.com/kb/HT214096", }, { url: "https://support.apple.com/kb/HT214094", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/41", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/36", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/38", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/37", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/40", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/39", }, ], source: { discovery: "UNKNOWN", }, title: "Integer overflow in VideoLAN dav1d", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2024-1580", datePublished: "2024-02-19T10:34:55.113Z", dateReserved: "2024-02-16T12:23:14.335Z", dateUpdated: "2025-02-13T17:32:17.584Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2024-02-19 11:15
Modified
2025-02-13 18:16
Severity ?
5.9 (Medium) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:videolan:dav1d:*:*:*:*:*:*:*:*", matchCriteriaId: "B21FACDB-790F-4BDF-AE54-72C70D1880C0", versionEndExcluding: "1.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "5B0BD32E-FA45-4796-956D-D1F2C049171E", versionEndExcluding: "17.4.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "35B07242-1592-4814-8866-FA7DA2021DDC", versionEndExcluding: "16.7.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "027265B2-C0CD-46D8-BF40-5E591CFDE9D6", versionEndExcluding: "17.4.1", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "4450D591-7B62-4339-9F0F-08C51F701967", versionEndExcluding: "16.7.7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "9AA95646-94B7-4C20-9B69-371409BA4E22", versionEndExcluding: "17.4.1", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "55A1512B-3C9A-428C-97BD-B3B6813B150D", versionEndExcluding: "13.6.6", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "580B86E1-BCC1-419C-86B7-2A33DA257401", versionEndExcluding: "14.4.1", versionStartIncluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", matchCriteriaId: "C8418E27-11BA-4DE1-9596-6E88F5A9C052", versionEndExcluding: "1.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", matchCriteriaId: "CA277A6C-83EC-4536-9125-97B84C4FAF59", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.", }, { lang: "es", value: "Un desbordamiento de enteros en el decodificador dav1d AV1 que puede ocurrir al decodificar videos con un tamaño de cuadro grande. Esto puede provocar daños en la memoria del decodificador AV1. Recomendamos actualizar la versión anterior 1.4.0 de dav1d.", }, ], id: "CVE-2024-1580", lastModified: "2025-02-13T18:16:25.577", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 4.7, source: "cve-coordination@google.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-19T11:15:08.817", references: [ { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/36", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/37", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/38", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/39", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/40", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/41", }, { source: "cve-coordination@google.com", tags: [ "Release Notes", ], url: "https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS", }, { source: "cve-coordination@google.com", tags: [ "Release Notes", ], url: "https://code.videolan.org/videolan/dav1d/-/releases/1.4.0", }, { source: "cve-coordination@google.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/", }, { source: "cve-coordination@google.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214093", }, { source: "cve-coordination@google.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214094", }, { source: "cve-coordination@google.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214095", }, { source: "cve-coordination@google.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214096", }, { source: "cve-coordination@google.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214097", }, { source: "cve-coordination@google.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214098", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/36", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/37", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/38", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/39", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/40", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://seclists.org/fulldisclosure/2024/Mar/41", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://code.videolan.org/videolan/dav1d/-/releases/1.4.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214093", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214094", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214096", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214098", }, ], sourceIdentifier: "cve-coordination@google.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "cve-coordination@google.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-10 05:15
Modified
2025-01-28 16:15
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| videolan | dav1d | * | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:videolan:dav1d:*:*:*:*:*:*:*:*", matchCriteriaId: "D07D2D35-E931-463D-A3A0-95181372B263", versionEndExcluding: "1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.", }, { lang: "es", value: "VideoLAN dav1d anterior a 1.2.0 tiene una condición de ejecución thread_task.c que puede provocar un bloqueo de la aplicación, relacionado con dav1d_decode_frame_exit.", }, ], id: "CVE-2023-32570", lastModified: "2025-01-28T16:15:36.333", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-10T05:15:12.190", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://code.videolan.org/videolan/dav1d/-/tags/1.2.0", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WGSO7UMOF4MVLQ5H6KIV7OG6ONS377B/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXZ6CUNJFDJLCFOZHY2TIGMCAEITLCRP/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202310-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://code.videolan.org/videolan/dav1d/-/tags/1.2.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WGSO7UMOF4MVLQ5H6KIV7OG6ONS377B/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXZ6CUNJFDJLCFOZHY2TIGMCAEITLCRP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202310-05", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-362", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }