Bug 1204818 - (CVE-2022-3717) VUL-0: CVE-2022-3717: exiv2: integer overflow in BmffImage::boxHandler
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P5 - None
Severity: Normal
Assigned To: Dirk Mueller
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/346354/
Reported: 2022-10-28 07:26 UTC by Thomas Leroy
Modified: 2022-10-28 07:28 UTC (History)
Found By: Security Response Team

Description Thomas Leroy 2022-10-28 07:26:57 UTC
CVE-2022-3717

A vulnerability, which was classified as critical, has been found in Exiv2.
Affected by this issue is the function BmffImage::boxHandler of the file
bmffimage.cpp. The manipulation leads to memory corruption. The attack may be
launched remotely. The name of the patch is
a58e52ed702d3bc7b8bab7ec1d70a4849eebece3. It is recommended to apply a patch to
fix this issue. The identifier of this vulnerability is VDB-212348.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3717
https://www.cve.org/CVERecord?id=CVE-2022-3717
https://github.com/Exiv2/exiv2/commit/a58e52ed702d3bc7b8bab7ec1d70a4849eebece3
http://www.cvedetails.com/cve/CVE-2022-3717/
https://vuldb.com/?id.212348
Comment 1 Thomas Leroy 2022-10-28 07:28:05 UTC
Buggy commit [0] very recent, none of the codestreams affected. Closing

[0] https://github.com/Exiv2/exiv2/commit/9a6ee59421fdfa0745a5f494a3dd19af78b03ce7