Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-3755

Опубликовано: 29 окт. 2022
Источник: redhat
CVSS3: 6.5

Описание

[REJECTED CVE] A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely

Отчет

This is a CVE for quicktime video which is not built in any RHEL or Fedora release and therefore our packages are not affected. Also, this CVE has been rejected by Upstream.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6exiv2Out of support scope
Red Hat Enterprise Linux 7compat-exiv2-023Out of support scope
Red Hat Enterprise Linux 7compat-exiv2-026Out of support scope
Red Hat Enterprise Linux 7exiv2Out of support scope
Red Hat Enterprise Linux 8compat-exiv2-026Not affected
Red Hat Enterprise Linux 8exiv2Not affected
Red Hat Enterprise Linux 9exiv2Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-404
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2141907exiv2: Null-dereference READ in Exiv2::QuickTimeVideo::userDataDecoder

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-3755

ubuntu
почти 3 года назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

nvd логотип

CVE-2022-3755

nvd
почти 3 года назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

github логотип

GHSA-p6wg-3r8f-8hp2

CVSS3: 6.5
github
почти 3 года назад

A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495.

fstec логотип

BDU:2022-06709

CVSS3: 6.5
fstec
почти 3 года назад

Уязвимость функции QuickTimeVideo::userDataDecoder файла quicktimevideo.cpp библиотеки и утилиты командной строки для управления метаданными изображений Exiv2, позволяющая нарушителю выполнить произвольный код

redos логотип

ROS-20221009-01

CVSS3: 9.8
redos
почти 3 года назад

Множественные уязвимости Exiv2

6.5 Medium

CVSS3