CVE-2022-3718

CVSS V2 None CVSS V3 Medium 6.5
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Overview
  • CVE ID
  • CVE-2022-3718
  • Assigner
  • cna@vuldb.com
  • Vulnerability Status
  • Rejected
  • Published Version
  • 2022-10-27T11:15:11
  • Last Modified Date
  • 2022-11-21T16:15:18
Weakness Enumerations
CWE URL
CWE-476 http://cwe.mitre.org/data/definitions/476.html
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 6.5
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.8
  • Impact Score
  • 3.6
References
Reference URL Reference Tags
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52053
https://github.com/Exiv2/exiv2/commit/459910c36a21369c09b75bcfa82f287c9da56abf
https://vuldb.com/?id.212349
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-3718
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3718
History
Created Old Value New Value Data Type Notes
2022-10-27 12:00:15 Added to TrackCVE
2022-12-07 13:00:19 2022-10-27T11:15Z 2022-10-27T11:15:11 CVE Published Date updated
2022-12-07 13:00:19 2022-11-21T16:15:18 CVE Modified Date updated
2022-12-07 13:00:19 Rejected Vulnerability Status updated
2022-12-07 13:00:20 A vulnerability, which was classified as problematic, was found in Exiv2. This affects the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The name of the patch is 459910c36a21369c09b75bcfa82f287c9da56abf. It is recommended to apply a patch to fix this issue. The identifier VDB-212349 was assigned to this vulnerability. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Description updated