Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-3757

Опубликовано: 29 окт. 2022
Источник: redhat
CVSS3: 8.8

Описание

[REJECTED CVE] A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely.

Отчет

This is a CVE for quicktime video which is not built in any RHEL or Fedora release and therefore our packages are not affected. Also, this CVE has been rejected by Upstream.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6exiv2Out of support scope
Red Hat Enterprise Linux 7compat-exiv2-023Out of support scope
Red Hat Enterprise Linux 7compat-exiv2-026Out of support scope
Red Hat Enterprise Linux 7exiv2Out of support scope
Red Hat Enterprise Linux 8compat-exiv2-026Not affected
Red Hat Enterprise Linux 8exiv2Not affected
Red Hat Enterprise Linux 9exiv2Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
Дефект:
CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=2141910exiv2: Heap-buffer-overflow in Exiv2::MemIo::read

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-3757

ubuntu
почти 3 года назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

nvd логотип

CVE-2022-3757

nvd
почти 3 года назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

github логотип

GHSA-f32h-rx5h-cj4v

CVSS3: 8.8
github
почти 3 года назад

A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability.

fstec логотип

BDU:2022-06714

CVSS3: 8.8
fstec
почти 3 года назад

Уязвимость функции QuickTimeVideo::decodeBlock файла quicktimevideo.cpp библиотеки и утилиты командной строки для управления метаданными изображений Exiv2, позволяющая нарушителю выполнить произвольный код

redos логотип

ROS-20221009-01

CVSS3: 9.8
redos
почти 3 года назад

Множественные уязвимости Exiv2

8.8 High

CVSS3