PT-2023-23880 · Videolan+3 · Dav1D+3

Victorien Le Couviour--Tuffet

Publicado

2023-05-09

Atualizado

2025-08-12

CVE-2023-32570

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions VideoLAN dav1d versions prior to 1.2.0

Description The issue is related to a thread task.c race condition that can lead to an application crash. This condition is associated with the dav1d decode frame exit function.

Recommendations For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the dav1d decode frame exit function until a patch is available.

Correção

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

ALT-PU-2023-1906

ALT-PU-2024-2955

ALT-PU-2024-4636

CVE-2023-32570

ECHO-CA6C-4314-8DC3

OPENSUSE-SU-2024:13730-1

ROSA-SA-2024-2376

SUSE-SU-2023:2618-1

SUSE-SU-2023_2618-1

Produtos afetados

Alt Linux

Debian

Suse

Dav1D

PT-2023-23880 · Videolan+3 · Dav1D+3

CVE-2023-32570

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21