CVE-2022-3757

CVSS V2 None CVSS V3 High 8.8
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Overview
  • CVE ID
  • CVE-2022-3757
  • Assigner
  • cna@vuldb.com
  • Vulnerability Status
  • Rejected
  • Published Version
  • 2022-10-29T17:15:09
  • Last Modified Date
  • 2022-11-21T16:15:24
Weakness Enumerations
CWE URL
CWE-119 http://cwe.mitre.org/data/definitions/119.html
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 8.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 2.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50901
https://github.com/Exiv2/exiv2/commit/d3651fdbd352cbaf259f89abf7557da343339378
https://vuldb.com/?id.212497
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-3757
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3757
History
Created Old Value New Value Data Type Notes
2022-10-29 18:00:09 Added to TrackCVE
2022-12-07 14:26:20 2022-10-29T17:15Z 2022-10-29T17:15:09 CVE Published Date updated
2022-12-07 14:26:20 2022-11-21T16:15:24 CVE Modified Date updated
2022-12-07 14:26:20 Rejected Vulnerability Status updated
2022-12-07 14:26:20 A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Description updated