From 2d47fb6fcc502b4088c2243f5994a2fdce7c51ef Mon Sep 17 00:00:00 2001
From: Kalle Samuels
Date: Mon, 19 Feb 2024 09:15:45 -0800
Subject: [PATCH] CVE for libdav1d-sys (#1895)
---
crates/libdav1d-sys/RUSTSEC-0000-0000.md | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 crates/libdav1d-sys/RUSTSEC-0000-0000.md
diff --git a/crates/libdav1d-sys/RUSTSEC-0000-0000.md b/crates/libdav1d-sys/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..b0c5d67
--- /dev/null
+++ b/crates/libdav1d-sys/RUSTSEC-0000-0000.md
@@ -0,0 +1,17 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "libdav1d-sys"
+date = "2024-02-19"
+url = "https://www.cvedetails.com/cve/CVE-2024-1580/"
+categories = ["memory-corruption"]
+keywords = ["integer-overflow"]
+
+[affected]
+[versions]
+patched = [">= 0.7.0"]
+```
+
+# dav1d AV1 decoder integer overflow
+
+An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to version 0.7.0 of libdav1d-sys, which includes dav1d 1.4.0
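Review bot: The `[advisory]` table records the CVE only inside the `url` value, so tooling that matches advisories by CVE id has nothing to key on; add `aliases = ["CVE-2024-1580"]` next to `id`. The `url` also points at a third-party aggregator rather than the upstream dav1d advisory or release notes, which is the reference someone triaging this would want. The empty `[affected]` table carries no keys and can be dropped, or filled in if the affected code path is known. Since the fix comes from the bundled dav1d 1.4.0, the description should say whether a build that links a system libdav1d is covered by `patched = [">= 0.7.0"]`; this patch does not show whether the crate supports that mode.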