CVE-2022-3755: Exiv2 QuickTime Video quicktimevideo.cpp userDataDecoder denial of service [Fałszywie Pozytywny]

1	28

exploit_price_0day	2
source_cve_nvd_summary	1
source_cve_assigned	1
advisory_identifier	1
cna_response_summary	1

90%	32
50%	10
70%	3
100%	3

90%

50%

70%

100%

90%	32
80%	10
70%	3
100%	3

90%

80%

70%

100%

ID	Zaangażowany	Użytkownik	Pole	Zmiana	Uwagi	Przyjęty	Status	C
13310145	2022-11-26	VulD...	cve_nvd_summary	A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495.	cvedetails.com	2022-11-26	przyjęty	70
13310144	2022-11-26	VulD...	cve_assigned	1666994400 (2022-10-29)	cve.mitre.org	2022-11-26	przyjęty	70
13310143	2022-11-26	VulD...	identifier	6bb956ad808590ce2321b9ddf6772974da27c4ca	cve.mitre.org	2022-11-26	przyjęty	70
13292662	2022-11-21	VulD...	price_0day		see exploit price documentation	2022-11-21	przyjęty	90
13292661	2022-11-21	VulD...	response_summary	Issue was introduced on the main (dev) branch and fixed shortly afterwards, so none of the official releases were ever affected.		2022-11-21	przyjęty	100
13292660	2022-11-21	VulD...	falsepositive	1		2022-11-21	przyjęty	100
13292659	2022-11-21	VulD...	disputed	1		2022-11-21	przyjęty	100
13198167	2022-10-29	VulD...	price_0day	$0-$5k	see exploit price documentation	2022-10-29	przyjęty	90
13198166	2022-10-29	VulD...	cvss3_meta_tempscore	4.1	see CVSS documentation	2022-10-29	przyjęty	90
13198165	2022-10-29	VulD...	cvss3_meta_basescore	4.3	see CVSS documentation	2022-10-29	przyjęty	90
13198164	2022-10-29	VulD...	cvss3_vuldb_tempscore	4.1	see CVSS documentation	2022-10-29	przyjęty	90
13198163	2022-10-29	VulD...	cvss3_vuldb_basescore	4.3	see CVSS documentation	2022-10-29	przyjęty	90
13198162	2022-10-29	VulD...	cvss2_vuldb_tempscore	4.4	see CVSS documentation	2022-10-29	przyjęty	90
13198161	2022-10-29	VulD...	cvss2_vuldb_basescore	5.0	see CVSS documentation	2022-10-29	przyjęty	90
13198160	2022-10-29	VulD...	cvss3_vuldb_e	X	derived from historical data	2022-10-29	przyjęty	80
13198159	2022-10-29	VulD...	cvss2_vuldb_e	ND	derived from historical data	2022-10-29	przyjęty	80
13198158	2022-10-29	VulD...	cvss2_vuldb_rl	OF	derived from vuldb v3 vector	2022-10-29	przyjęty	80
13198157	2022-10-29	VulD...	cvss2_vuldb_rc	C	derived from vuldb v3 vector	2022-10-29	przyjęty	80
13198156	2022-10-29	VulD...	cvss2_vuldb_ai	P	derived from vuldb v3 vector	2022-10-29	przyjęty	80
13198155	2022-10-29	VulD...	cvss2_vuldb_ii	N	derived from vuldb v3 vector	2022-10-29	przyjęty	80

Zaangażowany

Użytkownik

Pole

Zmiana

Uwagi

Przyjęty

Status

A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495.