CVE-2023-32570: https://code.videolan.org/videolan/dav1d/-/tags/1.2.0 VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. Please bump to 1.2.0.
Thank you for the report!
I'll wait for https://code.videolan.org/videolan/dav1d/-/issues/426 to be fixed.
(In reply to Luca Barbato from comment #2) > I'll wait for https://code.videolan.org/videolan/dav1d/-/issues/426 to be > fixed. Closed with: https://code.videolan.org/videolan/dav1d/-/commit/5c584cb332e585e2527f08a5d596fad59c1f8c9b
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e355a878b25f04e312e370946575fab5a0a785e commit 1e355a878b25f04e312e370946575fab5a0a785e Author: Sam James <sam@gentoo.org> AuthorDate: 2023-05-31 06:39:04 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-31 06:56:27 +0000 media-libs/dav1d: add 1.2.0 Bug: https://bugs.gentoo.org/906107 Signed-off-by: Sam James <sam@gentoo.org> media-libs/dav1d/Manifest | 1 + media-libs/dav1d/dav1d-1.2.0.ebuild | 61 +++++++++++++++++++++++++++++++++++++ media-libs/dav1d/dav1d-9999.ebuild | 12 +++++--- 3 files changed, 69 insertions(+), 5 deletions(-)