Thursday, April 4, 2024

AV1 Integer Overflow

Paul Ducklin (tweet):

The security vulnerabilities themselves turn out to be a single bug, or at least to be covered by a single bug identifier, CVE-2024-1580, which was found and reported by Nick Galloway, a researcher in Google’s Project Zero bug-hunting team[…]

[…]

We’re guessing, from Apple’s purposeful silence when the first fixes came out last week, that the CVE-2024-1580 bug was considered dangerous to document before the patches for other platforms, notably macOS, were published.

We’re further guessing that this implies that even with just basic information on what to look for and where to start, cybercriminals will be able to work backwards from the patches to construct a working exploit.

However, it seems that the details had already been made public in February.

CVE-2024-1580:

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder.
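The CVE text describes the general shape of the bug class rather than the specific dav1d code path: a buffer size derived from attacker-controlled frame dimensions is computed in fixed-width integer arithmetic, the product wraps, and the decoder later writes the real pixel count into a buffer that is far too small. The following C program is an added illustration of that pattern and its fix; it is not dav1d's code and not code from the post. The function names, the `MAX_FRAME_DIM` limit and the sample dimensions are all constructed for the example, and `__builtin_mul_overflow` assumes GCC or Clang.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed example, not dav1d code. A hypothetical decoder limit on
 * width and height; real decoders carry their own spec-derived bounds. */
#define MAX_FRAME_DIM 65536u

/* Unsafe pattern: 32-bit arithmetic on dimensions taken from the bitstream.
 * Large width/height make the product wrap modulo 2^32, so the value is
 * smaller than the number of bytes the decoder will later write. Returned
 * here only so the wrap can be observed; never allocate from it. */
uint32_t frame_bytes_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Hardened pattern: reject out-of-range dimensions up front, then multiply
 * with overflow detection in size_t. Returns 0 and stores the byte count in
 * *out on success, -1 if the request is rejected for any reason. */
int frame_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > MAX_FRAME_DIM || height > MAX_FRAME_DIM)
        return -1;

    size_t pixels, bytes;
    if (__builtin_mul_overflow((size_t)width, (size_t)height, &pixels))
        return -1;
    if (__builtin_mul_overflow(pixels, (size_t)bpp, &bytes))
        return -1;

    *out = bytes;
    return 0;
}

/* Returns 1 when the unchecked size understates the true byte count, i.e.
 * the condition under which a later per-pixel write runs past the buffer. */
int unchecked_size_is_short(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint64_t true_bytes = (uint64_t)width * height * bpp;
    return frame_bytes_unchecked(width, height, bpp) < true_bytes;
}

int main(void)
{
    /* Constructed inputs: one ordinary frame, one that wraps 32-bit math. */
    const uint32_t cases[][3] = {
        { 1920,  1080, 2 },   /* 1080p, 2 bytes per pixel: no wrap        */
        { 32768, 32768, 4 },  /* 2^15 * 2^15 * 4 = 2^32: wraps to 0       */
        { 70000, 1, 1 },      /* exceeds MAX_FRAME_DIM: rejected up front */
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t w = cases[i][0], h = cases[i][1], bpp = cases[i][2];
        size_t safe = 0;
        int rc = frame_bytes_checked(w, h, bpp, &safe);
        printf("%ux%u bpp=%u: unchecked=%u short=%d checked=%s (%zu)\n",
               w, h, bpp,
               frame_bytes_unchecked(w, h, bpp),
               unchecked_size_is_short(w, h, bpp),
               rc == 0 ? "ok" : "rejected", safe);
    }
    return 0;
}
```

The second case is the instructive one: the unchecked product is exactly 2^32, which wraps to 0, so an allocation based on it would be empty while the decoder still believes it has a 32768x32768 frame to fill. The checked version either computes the true size in `size_t` or refuses the frame, and the dimension bound stops absurd sizes before any arithmetic happens at all.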
