Описание
[REJECTED CVE] A vulnerability has been found in Exiv2. This vulnerability affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely.
Отчет
This is a CVE for quicktime video which is not built in any RHEL or Fedora release and therefore our packages are not affected. Also, this CVE has been rejected by Upstream.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | exiv2 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | compat-exiv2-023 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | compat-exiv2-026 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | exiv2 | Out of support scope | ||
| Red Hat Enterprise Linux 8 | compat-exiv2-026 | Not affected | ||
| Red Hat Enterprise Linux 8 | exiv2 | Not affected | ||
| Red Hat Enterprise Linux 9 | exiv2 | Not affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
A vulnerability has been found in Exiv2 and classified as critical. This vulnerability affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The name of the patch is a38e124076138e529774d5ec9890d0731058115a. It is recommended to apply a patch to fix this issue. VDB-212350 is the identifier assigned to this vulnerability.
Уязвимость функции QuickTimeVideo::userDataDecoder файла quicktimevideo.cpp библиотеки и утилиты командной строки для управления метаданными изображений Exiv2, позволяющая нарушителю выполнить атаку отказа в обслуживании
7.5 High
CVSS3