CVE-2021-40418 - OpenCVE

When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Blackmagicdesign	Davinci Resolve

Configuration 1 [-]

cpe:2.3:a:blackmagicdesign:davinci_resolve:17.3.1.0005:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2021-12-22T18:07:04

Updated: 2024-08-04T02:44:09.488Z

Reserved: 2021-09-01T00:00:00

Link: CVE-2021-40418

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-12-22T19:15:11.540

Modified: 2022-09-03T03:30:50.947

Link: CVE-2021-40418

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Blackmagic Design", "vendor": "n/a", "versions": [{"status": "affected", "version": "Blackmagic Design DaVinci Resolve 17.3.1.0005"}]}], "descriptions": [{"lang": "en", "value": "When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object\u2019s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object\u2019s virtual method table, which can result in code execution under the context of the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-457", "description": "CWE-457: Use of Uninitialized Variable", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-22T18:07:04", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2021-40418", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Blackmagic Design", "version": {"version_data": [{"version_value": "Blackmagic Design DaVinci Resolve 17.3.1.0005"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object\u2019s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object\u2019s virtual method table, which can result in code execution under the context of the application."}]}, "impact": {"cvss": {"baseScore": 9.8, "baseSeverity": "Critical", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-457: Use of Uninitialized Variable"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:44:09.488Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2021-40418", "datePublished": "2021-12-22T18:07:04", "dateReserved": "2021-09-01T00:00:00", "dateUpdated": "2024-08-04T02:44:09.488Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackmagicdesign:davinci_resolve:17.3.1.0005:*:*:*:*:*:*:*", "matchCriteriaId": "AE4DC4EC-3F46-4287-8C9A-132E5F382A92", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object\u2019s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object\u2019s virtual method table, which can result in code execution under the context of the application."}, {"lang": "es", "value": "Cuando es analizado un archivo que se env\u00eda al servicio DPDecoder como un trabajo, el SDK R3D omite por error la asignaci\u00f3n de una propiedad que contiene un objeto que hace referencia a un UUID que fue analizada desde un fotograma dentro del contenedor de v\u00eddeo. Tras la destrucci\u00f3n del objeto que lo posee, el miembro no inicializado ser\u00e1 desreferenciado y luego destruido usando el destructor virtual del objeto. Debido a que la propiedad del objeto no est\u00e1 inicializada, esto puede resultar en una desreferenciaci\u00f3n de un puntero arbitrario para la tabla de m\u00e9todos virtuales del objeto, que puede resultar en una ejecuci\u00f3n de c\u00f3digo bajo el contexto de la aplicaci\u00f3n"}], "id": "CVE-2021-40418", "lastModified": "2022-09-03T03:30:50.947", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2021-12-22T19:15:11.540", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-457"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}