CVE-2021-40418

Exploit

EPSS 1.33%
Veröffentlicht 22.12.2021 19:15:11
Zuletzt bearbeitet 21.11.2024 06:24:05
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Blackmagicdesign ≫ Davinci Resolve Version17.3.1.0005

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.33%	0.793

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
talos-cna@cisco.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-457 Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-40418

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-40418

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-40418

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-40418