CVE-2021-40418

{"id": "CVE-2021-40418", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-12-22T19:15:11.540", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-908"}]}, {"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-457"}]}], "descriptions": [{"lang": "en", "value": "When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object\u2019s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object\u2019s virtual method table, which can result in code execution under the context of the application."}, {"lang": "es", "value": "Cuando es analizado un archivo que se env\u00eda al servicio DPDecoder como un trabajo, el SDK R3D omite por error la asignaci\u00f3n de una propiedad que contiene un objeto que hace referencia a un UUID que fue analizada desde un fotograma dentro del contenedor de v\u00eddeo. Tras la destrucci\u00f3n del objeto que lo posee, el miembro no inicializado ser\u00e1 desreferenciado y luego destruido usando el destructor virtual del objeto. Debido a que la propiedad del objeto no est\u00e1 inicializada, esto puede resultar en una desreferenciaci\u00f3n de un puntero arbitrario para la tabla de m\u00e9todos virtuales del objeto, que puede resultar en una ejecuci\u00f3n de c\u00f3digo bajo el contexto de la aplicaci\u00f3n"}], "lastModified": "2022-09-03T03:30:50.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackmagicdesign:davinci_resolve:17.3.1.0005:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE4DC4EC-3F46-4287-8C9A-132E5F382A92"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}