Fluid Attacks Database

Description

[REJECTED CVE] A vulnerability has been found in Exiv2. This vulnerability affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package
rpm rhel6	exiv2
rpm rhel7	compat-exiv2-023
rpm rhel7	compat-exiv2-026
rpm rhel7	exiv2

Aliases

1. CVE-2022-37192. NVD-2022-37193. OSV-2022-3719

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.