rav1e 0.7.1
This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
rav1e
(48 total, 6 outdated, 1 possibly insecure)
Crate | Required | Latest | Status |
---|---|---|---|
aom-sys | ^0.3.3 | 0.3.3 | up to date |
arbitrary | ^1.3 | 1.4.1 | up to date |
arg_enum_proc_macro | ^0.3.4 | 0.3.4 | up to date |
arrayvec | ^0.7 | 0.7.6 | up to date |
av-metrics | ^0.9.1 | 0.9.1 | up to date |
av1-grain | ^0.2.2 | 0.2.3 | up to date |
backtrace | ^0.3 | 0.3.74 | up to date |
bitstream-io | ^2 | 2.6.0 | up to date |
byteorder | ^1.5.0 | 1.5.0 | up to date |
cfg-if | ^1.0 | 1.0.0 | up to date |
clap | ^4.4.11 | 4.5.26 | up to date |
clap_complete | ^4.4.5 | 4.5.42 | up to date |
console | ^0.15 | 0.15.10 | up to date |
crossbeam | ^0.8 | 0.8.4 | up to date |
libdav1d-sys ⚠️ | ^0.6.0 | 0.7.1+libdav1d.1.4.3 | out of date |
fern | ^0.6 | 0.7.1 | out of date |
image | ^0.24.7 | 0.25.5 | out of date |
interpolate_name | ^0.2.4 | 0.2.4 | up to date |
itertools | ^0.12 | 0.14.0 | out of date |
ivf | ^0.1 | 0.1.3 | up to date |
libc | ^0.2 | 0.2.169 | up to date |
libfuzzer-sys | ^0.4.7 | 0.4.8 | up to date |
log | ^0.4 | 0.4.22 | up to date |
new_debug_unreachable | ^1.0.4 | 1.0.6 | up to date |
nom | ^7.1.3 | 7.1.3 | up to date |
noop_proc_macro | ^0.3.0 | 0.3.0 | up to date |
num-derive | ^0.4 | 0.4.2 | up to date |
num-traits | ^0.2 | 0.2.19 | up to date |
once_cell | ^1.19.0 | 1.20.2 | up to date |
paste | ^1.0 | 1.0.15 | up to date |
profiling | ^1 | 1.0.16 | up to date |
rand | ^0.8 | 0.8.5 | up to date |
rand_chacha | ^0.3 | 0.3.1 | up to date |
maybe-rayon | ^0.1 | 0.1.1 | up to date |
scan_fmt | ^0.2.6 | 0.2.6 | up to date |
serde | ^1.0 | 1.0.217 | up to date |
serde-big-array | ^0.5.1 | 0.5.1 | up to date |
signal-hook | ^0.3 | 0.3.17 | up to date |
simd_helpers | ^0.1 | 0.1.0 | up to date |
system-deps | ^6 | 7.0.3 | out of date |
thiserror | ^1.0 | 2.0.11 | out of date |
toml | ^0.8 | 0.8.19 | up to date |
tracing | ^0.1.40 | 0.1.41 | up to date |
tracing-chrome | ^0.7.1 | 0.7.2 | up to date |
tracing-subscriber | ^0.3.18 | 0.3.19 | up to date |
v_frame | ^0.3.7 | 0.3.8 | up to date |
wasm-bindgen | ^0.2.89 | 0.2.100 | up to date |
y4m | ^0.8 | 0.8.0 | up to date |
(9 total, all up-to-date)
Crate | Required | Latest | Status |
---|---|---|---|
assert_cmd | ^2.0 | 2.0.16 | up to date |
criterion | ^0.5 | 0.5.1 | up to date |
interpolate_name | ^0.2.4 | 0.2.4 | up to date |
nom | ^7.1.3 | 7.1.3 | up to date |
pretty_assertions | ^1.4.0 | 1.4.1 | up to date |
quickcheck | ^1.0 | 1.0.3 | up to date |
rand | ^0.8 | 0.8.5 | up to date |
rand_chacha | ^0.3 | 0.3.1 | up to date |
semver | ^1.0 | 1.0.24 | up to date |
libdav1d-sys: dav1d AV1 decoder integer overflow
An integer overflow in the dav1d AV1 decoder can occur when decoding videos with a large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to version 0.7.0 of libdav1d-sys, which includes dav1d 1.4.0.