Race Condition in VideoLAN's Dav1d Library Could Cause Application Crashes
CVE-2023-32570

5.9 MEDIUM

Key Information:

Vendor: Videolan
Status: Vendor
CVE Published: 10 May 2023

Summary

A race condition in the VideoLAN dav1d library prior to version 1.2.0 can lead to an unexpected application crash. The issue is in the dav1d_decode_frame_exit function in thread_task.c. When multiple threads access shared resources concurrently, those resources can be left in an inconsistent state that compromises application stability. Users should upgrade to version 1.2.0 or later to mitigate this risk.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
