CVE-2022-3755

CVSS V2 None CVSS V3 Medium 6.5
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Overview
  • CVE ID
  • CVE-2022-3755
  • Assigner
  • cna@vuldb.com
  • Vulnerability Status
  • Rejected
  • Published Version
  • 2022-10-29T17:15:09
  • Last Modified Date
  • 2022-11-21T16:15:20
Weakness Enumerations
CWE URL
CWE-476 http://cwe.mitre.org/data/definitions/476.html
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 6.5
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.8
  • Impact Score
  • 3.6
References
Reference URL Reference Tags
https://vuldb.com/?id.212495
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52382
https://github.com/Exiv2/exiv2/commit/6bb956ad808590ce2321b9ddf6772974da27c4ca
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-3755
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3755
History
Created Old Value New Value Data Type Notes
2022-10-29 18:00:09 Added to TrackCVE
2022-12-07 14:26:18 2022-10-29T17:15Z 2022-10-29T17:15:09 CVE Published Date updated
2022-12-07 14:26:18 2022-11-21T16:15:20 CVE Modified Date updated
2022-12-07 14:26:18 Rejected Vulnerability Status updated
2022-12-07 14:26:18 A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Description updated