While evaluating DaVinci Resolve, version 17., Cisco Talos detected two code execution flaws. Remote threat actors can employ the defects in low-complexity attacks, and successful exploitation does not need authentication or user interaction. “Alternatively, could also lead to code execution, but is instead triggered as the result of an uninitialized object member as a result of an incorrect UUID.” “ is a heap-based buffer overflow vulnerability that occurs when the application faces an integer overflow condition that leads to a sign extension while trying to decode a video file,” Cisco Talos clarified. Both are caused by flaws in DaVinci Resolve’s DPDecoder service and are triggered by a heap-based buffer overflow while decoding a video file or a wrong UUID while parsing video files.

They have a CVSSv3 severity score of 9.8/10.

Cisco Talos security researchers found the two remote code execution (RCE) security issues: CVE-2021-40417 and CVE-2021-40418. DaVinci Resolve is an open software platform that includes video editing, visual effects, color correction, motion graphics, and audio post-production capabilities in one package.

According to its developer Blackmagic, DaVinci Resolve is “Hollywood’s most popular solution for editing” for Mac, Windows, and Linux.

Blackmagic Software recently patched two security flaws in the widely used DaVinci Resolve software that might allow attackers to achieve code execution on systems that were not patched.