CVE-2022-3757: Exiv2 QuickTime Video quicktimevideo.cpp decodeBlock memory corruption [Fałszywie Pozytywny]

1	28

exploit_price_0day	2
source_cve_nvd_summary	1
source_cve_assigned	1
advisory_identifier	1
cna_response_summary	1

90%	32
50%	10
70%	3
100%	3

90%

50%

70%

100%

90%	32
80%	10
70%	3
100%	3

90%

80%

70%

100%

ID	Zaangażowany	Użytkownik	Pole	Zmiana	Uwagi	Przyjęty	Status	C
13310150	2022-11-26	VulD...	cve_nvd_summary	A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability.	cvedetails.com	2022-11-26	przyjęty	70
13310149	2022-11-26	VulD...	cve_assigned	1666994400 (2022-10-29)	cve.mitre.org	2022-11-26	przyjęty	70
13310148	2022-11-26	VulD...	identifier	d3651fdbd352cbaf259f89abf7557da343339378	cve.mitre.org	2022-11-26	przyjęty	70
13292670	2022-11-21	VulD...	price_0day		see exploit price documentation	2022-11-21	przyjęty	90
13292669	2022-11-21	VulD...	response_summary	Issue was introduced on the main (dev) branch and fixed shortly afterwards, so none of the official releases were ever affected.		2022-11-21	przyjęty	100
13292668	2022-11-21	VulD...	falsepositive	1		2022-11-21	przyjęty	100
13292667	2022-11-21	VulD...	disputed	1		2022-11-21	przyjęty	100
13198250	2022-10-29	VulD...	price_0day	$0-$5k	see exploit price documentation	2022-10-29	przyjęty	90
13198249	2022-10-29	VulD...	cvss3_meta_tempscore	6.0	see CVSS documentation	2022-10-29	przyjęty	90
13198248	2022-10-29	VulD...	cvss3_meta_basescore	6.3	see CVSS documentation	2022-10-29	przyjęty	90
13198247	2022-10-29	VulD...	cvss3_vuldb_tempscore	6.0	see CVSS documentation	2022-10-29	przyjęty	90
13198246	2022-10-29	VulD...	cvss3_vuldb_basescore	6.3	see CVSS documentation	2022-10-29	przyjęty	90
13198245	2022-10-29	VulD...	cvss2_vuldb_tempscore	6.5	see CVSS documentation	2022-10-29	przyjęty	90
13198244	2022-10-29	VulD...	cvss2_vuldb_basescore	7.5	see CVSS documentation	2022-10-29	przyjęty	90
13198243	2022-10-29	VulD...	cvss3_vuldb_e	X	derived from historical data	2022-10-29	przyjęty	80
13198242	2022-10-29	VulD...	cvss2_vuldb_e	ND	derived from historical data	2022-10-29	przyjęty	80
13198241	2022-10-29	VulD...	cvss2_vuldb_rl	OF	derived from vuldb v3 vector	2022-10-29	przyjęty	80
13198240	2022-10-29	VulD...	cvss2_vuldb_rc	C	derived from vuldb v3 vector	2022-10-29	przyjęty	80
13198239	2022-10-29	VulD...	cvss2_vuldb_ai	P	derived from vuldb v3 vector	2022-10-29	przyjęty	80
13198238	2022-10-29	VulD...	cvss2_vuldb_ii	P	derived from vuldb v3 vector	2022-10-29	przyjęty	80

Zaangażowany

Użytkownik

Pole

Zmiana

Uwagi

Przyjęty

Status

A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability.