VDB-212349 · ~~CVE-2022-3718~~

Exiv2 QuickTime Video quicktimevideo.cpp decodeBlock null pointer dereference 🚫 [False Positive]

A vulnerability was suspected in Exiv2. This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all. Issue was introduced on the main (dev) branch and fixed shortly afterwards, so none of the official releases were ever affected.

Field	11/21/2022 13:11	11/25/2022 17:31	11/25/2022 17:39
name	Exiv2	Exiv2	Exiv2
component	QuickTime Video Handler	QuickTime Video Handler	QuickTime Video Handler
file	quicktimevideo.cpp	quicktimevideo.cpp	quicktimevideo.cpp
function	QuickTimeVideo::decodeBlock	QuickTimeVideo::decodeBlock	QuickTimeVideo::decodeBlock
cwe	476 (null pointer dereference)	476 (null pointer dereference)	476 (null pointer dereference)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
url	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52053	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52053	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52053
name	Patch	Patch	Patch
patch_name	459910c36a21369c09b75bcfa82f287c9da56abf	459910c36a21369c09b75bcfa82f287c9da56abf	459910c36a21369c09b75bcfa82f287c9da56abf
patch_url	https://github.com/Exiv2/exiv2/commit/459910c36a21369c09b75bcfa82f287c9da56abf	https://github.com/Exiv2/exiv2/commit/459910c36a21369c09b75bcfa82f287c9da56abf	https://github.com/Exiv2/exiv2/commit/459910c36a21369c09b75bcfa82f287c9da56abf
cve	CVE-2022-3718	CVE-2022-3718	CVE-2022-3718
responsible	VulDB	VulDB	VulDB
date	1666821600 (10/27/2022)	1666821600 (10/27/2022)	1666821600 (10/27/2022)
type	Image Processing Software	Image Processing Software	Image Processing Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.4	4.4	4.4
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	4.1	4.1	4.1
cvss3_meta_basescore	4.3	4.3	4.3
cvss3_meta_tempscore	4.1	4.1	4.1
price_0day
disputed	1	1	1
falsepositive	1	1	1
response_summary	Issue was introduced on the main (dev) branch and fixed shortly afterwards, so none of the official releases were ever affected.	Issue was introduced on the main (dev) branch and fixed shortly afterwards, so none of the official releases were ever affected.	Issue was introduced on the main (dev) branch and fixed shortly afterwards, so none of the official releases were ever affected.
identifier		459910c36a21369c09b75bcfa82f287c9da56abf	459910c36a21369c09b75bcfa82f287c9da56abf
cve_assigned		1666821600 (10/27/2022)	1666821600 (10/27/2022)
cve_nvd_summary			A vulnerability, which was classified as problematic, was found in Exiv2. This affects the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The name of the patch is 459910c36a21369c09b75bcfa82f287c9da56abf. It is recommended to apply a patch to fix this issue. The identifier VDB-212349 was assigned to this vulnerability.

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!