Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-3717

Опубликовано: 27 окт. 2022
Источник: redhat
CVSS3: 7.5

Описание

[REJECTED CVE] A vulnerability has been found in Exiv2. Affected by this issue is the function BmffImage::boxHandler of the file bmffimage.cpp. The manipulation leads to memory corruption. The attack may be launched remotely.

Отчет

This is a CVE for a new code that's in unreleased exiv2 and therefore our packages are not affected. Also, this CVE has been rejected by Upstream.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6exiv2Out of support scope
Red Hat Enterprise Linux 7compat-exiv2-023Out of support scope
Red Hat Enterprise Linux 7compat-exiv2-026Out of support scope
Red Hat Enterprise Linux 7exiv2Out of support scope
Red Hat Enterprise Linux 8compat-exiv2-026Not affected
Red Hat Enterprise Linux 8exiv2Not affected
Red Hat Enterprise Linux 9exiv2Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2141911exiv2: multiple memory corruption in bmffimage.cpp

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-3717

ubuntu
почти 3 года назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

nvd логотип

CVE-2022-3717

nvd
почти 3 года назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

github логотип

GHSA-wx73-x679-vc26

CVSS3: 9.8
github
почти 3 года назад

A vulnerability, which was classified as critical, has been found in Exiv2. Affected by this issue is the function BmffImage::boxHandler of the file bmffimage.cpp. The manipulation leads to memory corruption. The attack may be launched remotely. The name of the patch is a58e52ed702d3bc7b8bab7ec1d70a4849eebece3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212348.

fstec логотип

BDU:2022-06713

CVSS3: 9.8
fstec
почти 3 года назад

Уязвимость функции BmffImage::boxHandler файла bmffimage.cpp библиотеки и утилиты командной строки для управления метаданными изображений Exiv2, позволяющая нарушителю вызвать атаку отказа в обслуживании

redos логотип

ROS-20221009-01

CVSS3: 9.8
redos
почти 3 года назад

Множественные уязвимости Exiv2

7.5 High

CVSS3