Lucene search
Veracode Vulnerability DatabaseVERACODE:37732HistoryNov 01, 2022 - 5:54 a.m.
Buffer Overflow
2022-11-0105:54:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
libexiv2 buffer overflow
quicktimevideo userdatadecoder
integer overflow
0 Low
EPSS
Percentile
0.0%
libexiv2.so is vulnerable to buffer overflow. The vulnerability exists in the QuickTimeVideo::userDataDecoder function in quicktimevideo.cpp where the resulting value will always be larger than the original value allowing an attacker to cause an application crash through an integer overflow by providing a malicious input.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libexiv2.so | le | 26.0.0 | |
| libexiv2.so | le | 0.27.5 | |
| exiv2:buster | eq | 0.25-4+deb10u1 | |
| libexiv2.so | le | 26.0.0 | |
| libexiv2.so | le | 0.27.5 | |
| exiv2:buster | eq | 0.25-4+deb10u1 |
Related
cve
cve
CVE-2022-3756
2022-10-29 17:15:09
cvelist
cvelist
CVE-2022-3756
1976-01-01 00:00:00
ubuntucve
ubuntucve
CVE-2022-3756
2022-10-29 00:00:00
prion
prion
Design/Logic Flaw
2022-10-29 17:15:00
redhatcve
redhatcve
CVE-2022-3756
2022-11-11 04:55:58
mageia
mageia
Updated exiv2 packages fix security vulnerability
2022-11-13 05:25:20
nvd
nvd
CVE-2022-3756
2022-10-29 17:15:09
debiancve
debiancve
CVE-2022-3756
2022-10-29 17:15:00
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0420)
2022-11-14 00:00:00
nessus
nessus
Debian DLA-3186-1 : exiv2 - LTS security update
2022-11-11 00:00:00
RHEL 7 : exiv2 (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 6 : exiv2 (Unpatched Vulnerability)
2024-05-11 00:00:00
debian
debian
[SECURITY] [DLA 3186-1] exiv2 security update
2022-11-10 14:49:10
redos
redos
ROS-20221009-01
2022-10-09 00:00:00