CVE-2021-40417
published 2021-12-22CVE-2021-40417: When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with…
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
15.68%
96.4th percentile
When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer overflow with regards to this calculation, this can result in an undersized heap buffer being allocated. When this heap buffer is written to, a heap-based buffer overflow will occur. This can result in code execution under the context of the application.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| blackmagicdesign | davinci_resolve | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort↗
58716
snort↗
58717
snort↗
58749
snort↗
58750
- →The vulnerability is triggered during video file decoding via the DPDecoder service; monitor for anomalous heap allocations or crashes within the DPDecoder service process in DaVinci Resolve. ↗
- →The exploit path involves an integer overflow leading to a sign extension during video decode; look for oversized or malformed video files submitted as jobs to the DPDecoder service. ↗
- →No user interaction is required for exploitation; any video file processed by DaVinci Resolve 17.3.1.0005 or earlier should be treated as a potential attack vector. ↗
- ·Confirmed vulnerable version is 17.3.1.0005; detections should be scoped to this version and earlier. ↗
- ·Snort rule IDs 58716, 58717, 58749, and 58750 may be updated as additional vulnerability information becomes available; always reference the latest ruleset from Cisco Secure Firewall Management Center or Snort.org. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Checkpoint
27th December – Threat Intelligence Report
blogs_checkpoint·2021-12-26·CVSS 10.0
CVE-2021-44228 [CRITICAL] 27th December – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 27th December – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 27th December, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
Researchers have revealed an APT-like campaign targeting the US Federal Government Commission on international rights and religious freedom. Threat actors used a backdoor that possibly gave them full visibility and control over the compromised network for further exploitation.
New phishing campaign is luring victims in
Talos
Vulnerability Spotlight: Vulnerabilities in DaVinci Resolve video editing software could lead to code execution
blogs_talos·2021-12-20·CVSS 9.8
[CRITICAL] Vulnerability Spotlight: Vulnerabilities in DaVinci Resolve video editing software could lead to code execution
## Vulnerability Spotlight: Vulnerabilities in DaVinci Resolve video editing software could lead to code execution
Cisco Talos recently discovered two vulnerabilities in the DaVinci Resolve video editing software that could allow an adversary to execute code in the context of the application.
DaVinci Resolve is a non-linear video editing application from Blackmagic Software that is available on multiple operating systems. Both these vulnerabilities exist in the DPDecoder service inside DaVinci Resolve.
TALOS-2021-1426 (CVE-2021-40417) is a heap-based buffer overflow vulnerability that occurs when the application faces an integer overflow condition that leads to a sign extension while trying to decode a video file. Alternatively, TALOS-2021-1427 (CVE-2021-40418) could also lead to code e
Talos
Vulnerability Spotlight: Vulnerabilities in DaVinci Resolve video editing software could lead to code execution
blogs_talos·2021-12-20·CVSS 9.8
CVE-2021-40417 [CRITICAL] Vulnerability Spotlight: Vulnerabilities in DaVinci Resolve video editing software could lead to code execution
Cisco Talos recently discovered two vulnerabilities in the DaVinci Resolve video editing software that could allow an adversary to execute code in the context of the application.
DaVinci Resolve is a non-linear video editing application from Blackmagic Software that is available on multiple operating systems. Both these vulnerabilities exist in the DPDecoder service inside DaVinci Resolve.
TALOS-2021-1426 (CVE-2021-40417) is a heap-based buffer overflow vulnerability that occurs when the application faces an integer overflow condition that leads to a sign extension while trying to decode a video file. Alternatively, TALOS-2021-1427 (CVE-2021-40418) could also lead to code execution, but is instead triggered as the result of an uninitialized object member as a result of an incorrect UUID.
2021-12-22
Published