Bug 1204823 - (CVE-2022-3719) VUL-0: CVE-2022-3719: exiv2: heap-based buffer overflow in QuickTime Video Handler
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/346352/
CVSSv3.1:SUSE:CVE-2022-3719:7.5:(AV:N...
Reported: 2022-10-28 08:19 UTC by Thomas Leroy
Modified: 2022-10-31 08:36 UTC (History)
Found By: Security Response Team
Description Thomas Leroy 2022-10-28 08:19:12 UTC
CVE-2022-3719

A vulnerability has been found in Exiv2 and classified as critical. This
vulnerability affects the function QuickTimeVideo::userDataDecoder of the file
quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation
leads to heap-based buffer overflow. The attack can be initiated remotely. The
name of the patch is a38e124076138e529774d5ec9890d0731058115a. It is recommended
to apply a patch to fix this issue. VDB-212350 is the identifier assigned to
this vulnerability.

Upstream fix:
https://github.com/Exiv2/exiv2/commit/a38e124076138e529774d5ec9890d0731058115a

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3719
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51707
https://www.cve.org/CVERecord?id=CVE-2022-3719
https://github.com/Exiv2/exiv2/commit/a38e124076138e529774d5ec9890d0731058115a
http://www.cvedetails.com/cve/CVE-2022-3719/
https://vuldb.com/?id.212350
Comment 1 Thomas Leroy 2022-10-28 08:19:40 UTC
Affected:
- SUSE:SLE-15:Update
- SUSE:SLE-15-SP4:Update
- openSUSE:Factory
Comment 2 Dirk Mueller 2022-10-28 15:43:06 UTC
This is invalid. Exiv2 0.27 and later have dropped that QuickTime video handler due to low code quality, so the issue does not exist there. So SLE-15-SP4 and Factory are not affected. The commits exist in the *git main* branch only, as they resurrected the feature, but there isn't a released version with that functionality. Calling CVEs for that is dubious IMHO at best.

The code does exist in 0.26; however, it is disabled from compilation by default, so we're not affected.
Comment 3 Thomas Leroy 2022-10-31 08:36:05 UTC
(In reply to Dirk Mueller from comment #2)
> this is invalid. Exiv2 0.27 and later have dropped that quicktime video
> handler due to low code quality. so the issue does not exist there. so
> SLE-15-SP4 and Factory are not affected. the commits exist in *git main*
> branch only as they resurrected the feature, but there isn't a released
> version with that functionality. calling CVE's for that is dubious imho at
> best.
> 
> The code does exist in 0.26, however it is disabled from compilation by
> default, so we're not affected.

Thanks for checking, Dirk. AFAICS SLE-15-SP4 ships 0.26, which is also not affected.
Nothing affected, closing.