Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 906107 (CVE-2023-32570) - <media-libs/dav1d-1.2.0: race condition leading to crash
Summary: <media-libs/dav1d-1.2.0: race condition leading to crash
Alias: CVE-2023-32570
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa? cleanup]
Depends on: 910088
  Show dependency tree
Reported: 2023-05-11 04:21 UTC by John Helmert III
Modified: 2023-07-25 03:34 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-11 04:21:01 UTC

VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.

Please bump to 1.2.0.
Comment 1 Luca Barbato gentoo-dev 2023-05-13 15:11:15 UTC
Thank you for the report!
Comment 2 Luca Barbato gentoo-dev 2023-05-13 16:03:07 UTC
I'll wait for to be fixed.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-23 04:44:48 UTC
(In reply to Luca Barbato from comment #2)
> I'll wait for to be
> fixed.

Closed with:
Comment 4 Larry the Git Cow gentoo-dev 2023-05-31 07:00:19 UTC
The bug has been referenced in the following commit(s):

commit 1e355a878b25f04e312e370946575fab5a0a785e
Author:     Sam James <>
AuthorDate: 2023-05-31 06:39:04 +0000
Commit:     Sam James <>
CommitDate: 2023-05-31 06:56:27 +0000

    media-libs/dav1d: add 1.2.0
    Signed-off-by: Sam James <>

 media-libs/dav1d/Manifest           |  1 +
 media-libs/dav1d/dav1d-1.2.0.ebuild | 61 +++++++++++++++++++++++++++++++++++++
 media-libs/dav1d/dav1d-9999.ebuild  | 12 +++++---
 3 files changed, 69 insertions(+), 5 deletions(-)