{"vulnerability": "CVE-2024-1580", "sightings": [{"uuid": "d91159f4-5e74-44dd-a2c5-3b6da3fa74b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1580", "type": "seen", "source": "https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html", "content": "", "creation_timestamp": "2024-10-03T17:01:00.000000Z"}, {"uuid": "6b89748f-21dd-4e2d-8722-25ee5efbc1a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1580", "type": "seen", "source": "Telegram/8q8YnM-zVM6Pwlv14lbDONKhIf-QoPM7NpBPRt6uCi-w9ZHY", "content": "", "creation_timestamp": "2024-10-08T21:38:57.000000Z"}, {"uuid": "d420446b-9b4a-4887-8f91-18e57b6ef0ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1580", "type": "seen", "source": "https://t.me/arpsyndicate/3672", "content": "#ExploitObserverAlert\n\nCVE-2024-1580\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1580. An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.", "creation_timestamp": "2024-02-20T18:50:27.000000Z"}, {"uuid": "5dd504a0-d6ff-49b2-8537-0306bae72b5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1580", "type": "seen", "source": "https://t.me/ctinow/203202", "content": "https://ift.tt/SwZV2Kz\nCVE-2024-1580 | VideoLAN dav1d up to 1.3.x AV1 Decoder integer overflow", "creation_timestamp": "2024-03-08T10:22:18.000000Z"}, {"uuid": "acca4b9a-8a2c-4ce4-b74f-191933174d1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1580", "type": "published-proof-of-concept", "source": "Telegram/O1jGEiJwsW54XeWhwGUJgJqHcIqHB0EKwxaaMX-fM4RqOD0", "content": "", "creation_timestamp": "2024-05-17T10:53:18.000000Z"}, {"uuid": "4fb59010-d3b5-42b2-9e94-29d5db24bc7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1580", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5572", "content": "Apple \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 iOS 17.4.1 \u0438 macOS Sonoma 14.4.1 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-1580 \u0438 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0435 \u043a \u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0433\u043e \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430.\n\n\u041e\u043d\u0430 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b CoreMedia \u0438 WebRTC \u043a\u0430\u043a iOS, \u0442\u0430\u043a \u0438 macOS \u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439.\n\n\u0414\u0435\u0444\u0435\u043a\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043d\u0435 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u0435\u043d \u0434\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Apple, \u043d\u043e \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u044b\u0439 \u0434\u0435\u043a\u043e\u0434\u0435\u0440 AV1 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c\u00a0dav1d, \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u044c\u0441\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 dav1d 1.4.0.\n\n\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0432 \u0434\u0435\u043a\u043e\u0434\u0435\u0440\u0435 dav1d AV1 \u043c\u043e\u0436\u0435\u0442 \u0432\u043e\u0437\u043d\u0438\u043a\u043d\u0443\u0442\u044c \u043f\u0440\u0438 \u0434\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 \u0432\u0438\u0434\u0435\u043e \u0441 \u0431\u043e\u043b\u044c\u0448\u0438\u043c \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u043c \u043a\u0430\u0434\u0440\u0430 \u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044e \u043f\u0430\u043c\u044f\u0442\u0438 \u0432 \u0434\u0435\u043a\u043e\u0434\u0435\u0440\u0435 AV1.\n\nApple \u0440\u0435\u0448\u0438\u043b\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0443\u043b\u0443\u0447\u0448\u0435\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0432\u043e\u0434\u0430.\n\n\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0433\u0438\u0433\u0430\u043d\u0442 \u0432\u043a\u043b\u044e\u0447\u0438\u043b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 iOS \u0438 iPadOS 17.4.1, iOS \u0438 iPadOS 16.7.7, VisionOS 1.1.1, macOS Sonoma 14.4.1, macOS Ventura 13.6.6 \u0438 Safari 17.4.1 (\u0434\u043b\u044f macOS Monterey \u0438 macOS Ventura).\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c Google Project Zero \u041d\u0438\u043a\u043e\u043c \u0413\u0430\u043b\u043b\u043e\u0443\u044d\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0441\u044f\u00a0\u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u044f\u043c\u0438 \u0438 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u043c PoC.\n\n\u0421\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e CVE-2024-1580 \u0438\u043c\u0435\u0435\u0442 \u0441\u0440\u0435\u0434\u043d\u044e\u044e \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n\u041d\u043e \u0435\u0435 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0438\u0437 \u0441\u0435\u0442\u0438 \u0441 \u043d\u0438\u0437\u043a\u0438\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0438 \u0431\u0435\u0437 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\n\u041f\u043e\u043a\u0430 \u0447\u0442\u043e \u0434\u0430\u043d\u043d\u044b\u0445 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043d\u0435 \u043f\u043e\u0441\u0442\u0443\u043f\u0430\u043b\u043e, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0432\u0441\u0435 \u0436\u0435 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043d\u0430\u0441\u0442\u043e\u0440\u043e\u0436\u0438\u0442\u044c\u0441\u044f, \u0432\u0435\u0434\u044c Apple \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043b\u044f CVE-2024-1580, \u0447\u0442\u043e \u0443\u0436\u0435 \u043e \u0447\u0435\u043c-\u0442\u043e \u0433\u043e\u0432\u043e\u0440\u0438\u0442.\n\n\u0411\u0443\u0434\u0435\u043c \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.", "creation_timestamp": "2024-03-27T12:03:49.000000Z"}, {"uuid": "e9a6d8e2-7e99-419d-b38d-8cdf508a7442", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1580", "type": "seen", "source": "https://t.me/ctinow/187616", "content": "https://ift.tt/5kE0sCt\nCVE-2024-1580", "creation_timestamp": "2024-02-19T12:31:31.000000Z"}, {"uuid": "7447b768-9e1d-4c5d-89e4-ffd878b9af67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1580", "type": "seen", "source": "https://t.me/ctinow/187611", "content": "https://ift.tt/5kE0sCt\nCVE-2024-1580", "creation_timestamp": "2024-02-19T12:21:31.000000Z"}, {"uuid": "dcf62a20-6724-4864-821d-aeef6942c062", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1580", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10182", "content": "#exploit\n1. CVE-2024-1580:\ndav1d Integer Overflow/OOB Write\nhttps://packetstormsecurity.com/files/177632/dav1d-Integer-Overflow-Out-Of-Bounds-Write.html\n\n2. CVE-2024-28353, CVE-2024-28354:\nTrendNet TWEW-827DRU Router Vulnerability\nhttps://warp-desk-89d.notion.site/TEW-827DRU-5c40fb20572148f0b00f329d69273791", "creation_timestamp": "2024-03-19T23:15:48.000000Z"}]}