Bug 2141911 (CVE-2022-3717) - CVE-2022-3717 exiv2: multiple memory corruption in bmffimage.cpp
Summary: CVE-2022-3717 exiv2: multiple memory corruption in bmffimage.cpp
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2022-3717
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2141916 2141917 2141918 2141919 2141920 2141921 2141922
Blocks: 2140151
TreeView+ depends on / blocked
 
Reported: 2022-11-11 05:07 UTC by Sandipan Roy
Modified: 2022-11-22 03:50 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-11-14 10:28:14 UTC
Embargoed:

Attachments (Terms of Use)

Description Sandipan Roy 2022-11-11 05:07:01 UTC 
A vulnerability, which was classified as critical, has been found in Exiv2. Affected by this issue is the function BmffImage::boxHandler of the file bmffimage.cpp. The manipulation leads to memory corruption. The attack may be launched remotely. The name of the patch is a58e52ed702d3bc7b8bab7ec1d70a4849eebece3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212348.

https://vuldb.com/?id.212348
https://github.com/Exiv2/exiv2/commit/a58e52ed702d3bc7b8bab7ec1d70a4849eebece3
Comment 1 Sandipan Roy 2022-11-11 05:53:37 UTC 
Created exiv2 tracking bugs for this issue:

Affects: fedora-35 [bug 2141916]
Affects: fedora-36 [bug 2141918]


Created mingw-exiv2 tracking bugs for this issue:

Affects: fedora-35 [bug 2141917]
Affects: fedora-36 [bug 2141919]
Comment 3 Jan Grulich 2022-11-14 10:28:14 UTC 
This is a CVE for a new code that's in unreleased exiv2 and therefore our packages are not affected.
Note You need to log in before you can comment on or make changes to this bug.