CVE-2023-32570

Name
CVE-2023-32570
Description
VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://code.videolan.org/videolan/dav1d/-/tags/1.2.0
MISC https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXZ6CUNJFDJLCFOZHY2TIGMCAEITLCRP/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WGSO7UMOF4MVLQ5H6KIV7OG6ONS377B/
Third Party Advisory https://security.gentoo.org/glsa/202310-05
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXZ6CUNJFDJLCFOZHY2TIGMCAEITLCRP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WGSO7UMOF4MVLQ5H6KIV7OG6ONS377B/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:videolan:dav1d:*:*:*:*:*:*:*:* dav1d >= None < 1.2.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
dav1d 3.17-main 1.0.0-r2 Bart Ribbers <bribbers@disroot.org> possibly vulnerable