I have a project that uses libavif with dav1d decoder, which has a recent bug (CVE-2024-1580). I'm not sure if libavif is affected though, and I would appreciate some help to confirm this in order to decide whether I need to update immediately.
I believe this required large frame sizes (https://crbug.com/325284120 for those with access). libavif sets a default of 16384x16384 like Chrome does, so it wouldn't be vulnerable unless this size was increased.
And yes, it looks like having a frame delay > 1 was necessary.
The vulnerable code path in dav1d is only reached when c->n_fc > 1 (https://code.videolan.org/videolan/dav1d/-/blob/2b475307dc11be9a1c3cc4358102c76a7f386a51/src/decode.c#L2845), where c is the dav1d context.
The way libavif calls into dav1d, the max frame delay is hardcoded to 1 in the dav1d settings (https://github.com/AOMediaCodec/libavif/blob/main/src/codec_dav1d.c#L63), which in turn means that c->n_fc in dav1d is always 1 (https://code.videolan.org/videolan/dav1d/-/blob/master/src/lib.c?ref_type=heads#L122).
From my understanding, this should mean that libavif isn't affected. Am I missing something?
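The argument above rests on one setting: the value libavif writes into dav1d's max_frame_delay. The script below is an added audit helper, not code from libavif or dav1d, that pulls that value out of a copy of codec_dav1d.c so a downstream project can confirm its vendored or patched tree still pins it to 1. The function names, the "unset" sentinel and the sample file contents are mine; the sample lines only stand in for the real file so the script runs offline.

```shell
#!/bin/sh
# Added audit helper (not libavif or dav1d code). Reports the integer that a
# copy of libavif's src/codec_dav1d.c assigns to dav1d's max_frame_delay.
# Per the thread, dav1d's vulnerable path needs n_fc > 1, which needs
# max_frame_delay > 1, so a pinned value of 1 is what we want to see.

# Print the first integer assigned to max_frame_delay in FILE, or "unset"
# (a sentinel chosen here) if the file never assigns it.
dav1d_max_frame_delay() {
    file="$1"
    value=$(sed -n 's/.*max_frame_delay[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$file" | head -n 1)
    if [ -z "$value" ]; then
        echo unset
    else
        echo "$value"
    fi
}

# Succeed (exit 0) only when FILE pins max_frame_delay to exactly 1, the
# libavif configuration described in the issue; any other value, or no
# assignment at all, fails so the caller goes and reviews the dav1d version.
frame_delay_is_one() {
    [ "$(dav1d_max_frame_delay "$1")" = "1" ]
}

# Constructed sample standing in for the relevant lines of codec_dav1d.c.
# The field and variable names here are invented for the demo, not the
# project's real identifiers.
sample=$(mktemp)
cat > "$sample" <<'EOF'
    /* constructed sample, not the real libavif source */
    settings.n_threads = 1;
    settings.max_frame_delay = 1;
EOF

if frame_delay_is_one "$sample"; then
    echo "max_frame_delay=1: dav1d keeps n_fc at 1, CVE-2024-1580 path not reached"
else
    echo "max_frame_delay=$(dav1d_max_frame_delay "$sample"): review the dav1d version in use"
fi
rm -f "$sample"
```

Run it against your own tree with the file path substituted for the sample; a result other than 1 (including "unset") means the reasoning in this issue no longer applies to your build and the dav1d update should be treated as urgent.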