CVE-2023-32570

Summary

CVE	CVE-2023-32570
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-05-10 05:15:00 UTC
Updated	2023-11-07 04:14:00 UTC
Description	VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.

Risk And Classification

Problem Types: CWE-362

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	37	All	All	All
Operating System	Fedoraproject	Fedora	38	All	All	All
Application	Videolan	Dav1d	All	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 38 Update: dav1d-1.2.1-1.fc38 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 38 Update: dav1d-1.2.1-1.fc38 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 37 Update: dav1d-1.2.1-1.fc37 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 37 Update: dav1d-1.2.1-1.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
threading: Ensure passing the correct retval to decode_frame_exit (cf617fda) · Commits · VideoLAN / dav1d · GitLab	MISC	code.videolan.org
1.2.0 · Tags · VideoLAN / dav1d · GitLab	MISC	code.videolan.org
dav1d: Denial of Service (GLSA 202310-05) — Gentoo security	GENTOO	security.gentoo.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

284047 Fedora Security Update for dav1d (FEDORA-2023-9ea5d6e289)
284310 Fedora Security Update for dav1d (FEDORA-2023-652b6e8847)
710768 Gentoo Linux dav1dDenial of Service (DoS) Vulnerability (GLSA 202310-05)