Race Condition in VideoLAN's Dav1d Library Could Cause Application Crashes
CVE-2023-32570

5.9MEDIUM

Key Information:

Vendor: Videolan
Status: Dav1d
Vendor: CVE Published:; 10 May 2023

What is CVE-2023-32570?

A race condition vulnerability in the VideoLAN dav1d library prior to version 1.2.0 can lead to an unexpected application crash. This issue, specifically found in the thread_task.c file, relates to the dav1d_decode_frame_exit function. When multiple threads attempt to access shared resources concurrently, it may result in inconsistent states that compromise application stability. It's crucial for users to upgrade to version 1.2.0 or later to mitigate this risk and ensure reliable functionality.

References

https://code.videolan.org/videolan/dav1d/-/commit/cf617fd...

https://code.videolan.org/videolan/dav1d/-/tags/1.2.0

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
May 10, 2023

Videolan

What is CVE-2023-32570?

References

CVSS V3.1

Timeline