Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-3756

Опубликовано: 29 окт. 2022
Источник: redhat
CVSS3: 8.8

Описание

[REJECTED CVE] A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely.

Отчет

This is a CVE for quicktime video which is not built in any RHEL or Fedora release and therefore our packages are not affected. Also, this CVE has been rejected by Upstream.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6exiv2Out of support scope
Red Hat Enterprise Linux 7compat-exiv2-023Out of support scope
Red Hat Enterprise Linux 7compat-exiv2-026Out of support scope
Red Hat Enterprise Linux 7exiv2Out of support scope
Red Hat Enterprise Linux 8compat-exiv2-026Not affected
Red Hat Enterprise Linux 8exiv2Not affected
Red Hat Enterprise Linux 9exiv2Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-189
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2141908exiv2: integer overflow in quicktimevideo.cpp

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-3756

ubuntu
почти 3 года назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

nvd логотип

CVE-2022-3756

nvd
почти 3 года назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

github логотип

GHSA-4mwp-jhj2-q2gx

CVSS3: 8.8
github
почти 3 года назад

A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496.

fstec логотип

BDU:2022-06710

CVSS3: 8.8
fstec
почти 3 года назад

Уязвимость функции QuickTimeVideo::userDataDecoder файла quicktimevideo.cpp библиотеки и утилиты командной строки для управления метаданными изображений Exiv2, позволяющая нарушителю вызвать отказ в обслуживании

redos логотип

ROS-20221009-01

CVSS3: 9.8
redos
почти 3 года назад

Множественные уязвимости Exiv2

8.8 High

CVSS3