cnvd - cnvd-2022-06884

CNVD-2022-06884

Vulnerability from cnvd - Published: 2022-01-26

Title

Blackmagic Design DaVinci Resolve代码执行漏洞

Description

Blackmagic Design DaVinci Resolve是一款将剪辑、色彩校正、视觉效果、动态图形和音频后期制作集于一身的软件工具。 Blackmagic Design DaVinci Resolve存在代码执行漏洞，攻击者可利用该漏洞在应用程序上下文中执行任意代码。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.blackmagicdesign.com/products/davinciresolve/

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/215762

Impacted products

Name
Blackmagic Design DaVinci Resolve 17.3.1.0005

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-40418"
    }
  },
  "description": "Blackmagic Design DaVinci Resolve\u662f\u4e00\u6b3e\u5c06\u526a\u8f91\u3001\u8272\u5f69\u6821\u6b63\u3001\u89c6\u89c9\u6548\u679c\u3001\u52a8\u6001\u56fe\u5f62\u548c\u97f3\u9891\u540e\u671f\u5236\u4f5c\u96c6\u4e8e\u4e00\u8eab\u7684\u8f6f\u4ef6\u5de5\u5177\u3002\n\nBlackmagic Design DaVinci Resolve\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.blackmagicdesign.com/products/davinciresolve/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-06884",
  "openTime": "2022-01-26",
  "products": {
    "product": "Blackmagic Design DaVinci Resolve 17.3.1.0005"
  },
  "referenceLink": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215762",
  "serverity": "\u9ad8",
  "submitTime": "2021-12-22",
  "title": "Blackmagic Design DaVinci Resolve\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2021-40418 (GCVE-0-2021-40418)

Vulnerability from cvelistv5 – Published: 2021-12-22 18:07 – Updated: 2024-08-04 02:44

Summary

When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-457 - Use of Uninitialized Variable

Assigner

talos

References

URL

Tags

https://talosintelligence.com/vulnerability_repor…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Blackmagic Design	Affected: Blackmagic Design DaVinci Resolve 17.3.1.0005

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:44:09.488Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Blackmagic Design",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Blackmagic Design DaVinci Resolve 17.3.1.0005"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object\u2019s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object\u2019s virtual method table, which can result in code execution under the context of the application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-457",
              "description": "CWE-457: Use of Uninitialized Variable",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-22T18:07:04",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2021-40418",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Blackmagic Design",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Blackmagic Design DaVinci Resolve 17.3.1.0005"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object\u2019s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object\u2019s virtual method table, which can result in code execution under the context of the application."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-457: Use of Uninitialized Variable"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2021-40418",
    "datePublished": "2021-12-22T18:07:04",
    "dateReserved": "2021-09-01T00:00:00",
    "dateUpdated": "2024-08-04T02:44:09.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-06884

CVE-2021-40418 (GCVE-0-2021-40418)

Tags

Sightings

Nomenclature