CVE-2021-40417
published 2021-12-22


Priority: P261 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 15.68% (96.4th percentile)

When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer overflow with regards to this calculation, this can result in an undersized heap buffer being allocated. When this heap buffer is written to, a heap-based buffer overflow will occur. This can result in code execution under the context of the application.

Affected

1 range

Vendor | Product | Version range | Fixed in
blackmagicdesign | davinci_resolve | |

Detection & IOCs (extracted from sources)

Snort rule IDs: 58716, 58717, 58749, 58750

  • The vulnerability is triggered during video file decoding via the DPDecoder service; monitor for anomalous heap allocations or crashes within the DPDecoder service process in DaVinci Resolve.
  • The exploit path involves an integer overflow leading to a sign extension during video decode; look for oversized or malformed video files submitted as jobs to the DPDecoder service.
  • No user interaction is required for exploitation; any video file processed by DaVinci Resolve 17.3.1.0005 or earlier should be treated as a potential attack vector.
  • Confirmed vulnerable version is 17.3.1.0005; detections should be scoped to this version and earlier.
  • Snort rule IDs 58716, 58717, 58749, and 58750 may be updated as additional vulnerability information becomes available; always reference the latest ruleset from Cisco Secure Firewall Management Center or Snort.org.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P