CVE-2022-3953

CVSS V2 None CVSS V3 Medium 6.5
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Overview
  • CVE ID
  • CVE-2022-3953
  • Assigner
  • cna@vuldb.com
  • Vulnerability Status
  • Rejected
  • Published Version
  • 2022-11-11T14:15:11
  • Last Modified Date
  • 2022-11-21T16:15:25
Weakness Enumerations
CWE URL
CWE-404 http://cwe.mitre.org/data/definitions/404.html
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 6.5
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.8
  • Impact Score
  • 3.6
References
Reference URL Reference Tags
https://github.com/Exiv2/exiv2/pull/2394
https://github.com/Exiv2/exiv2/commit/771ead87321ae6e39e5c9f6f0855c58cde6648f1
https://vuldb.com/?id.213459
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-3953
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3953
History
Created Old Value New Value Data Type Notes
2022-11-11 15:00:11 Added to TrackCVE
2022-12-07 17:37:55 2022-11-11T14:15Z 2022-11-11T14:15:11 CVE Published Date updated
2022-12-07 17:37:55 2022-11-21T16:15:25 CVE Modified Date updated
2022-12-07 17:37:55 Rejected Vulnerability Status updated
2022-12-07 17:37:55 A vulnerability was found in Exiv2. It has been classified as problematic. This affects the function QuickTimeVideo::multipleEntriesDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to infinite loop. It is possible to initiate the attack remotely. The name of the patch is 771ead87321ae6e39e5c9f6f0855c58cde6648f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213459. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Description updated