Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Mageia 8 MGASA-2022-0420 Critical: Exiv2 Integer Overflow Remote Attack

mageia
Calendar Grey November 12, 2022
Dist Mageia Esm H88
A security patch for Mageia 8 resolves an integer overflow vulnerability in the QuickTime Video Handler that impacts exiv2.
Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler

Summary

Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. (CVE-2022-3756)

References

- https://bugs.mageia.org/show_bug.cgi?id=31074

- https://github.com/Exiv2/exiv2/issues/2406#issuecomment-1302816492

- https://www.cve.org/CVERecord?id=CVE-2022-3756

Resolution

SRPMS

- 8/core/exiv2-0.27.3-1.5.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 13 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0420.html
Type: security
CVE: CVE-2022-3756

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.