CVE-2021-40418
published 2021-12-22


Priority P263 · critical · 9.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 17.95% (96.8th percentile)
When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application.

Affected (1 range)

Vendor | Product | Version range | Fixed in
blackmagicdesign | davinci_resolve | |

Detection & IOCs (extracted from sources)

snort: 58716
snort: 58717
snort: 58749
snort: 58750
  • Exploitation is triggered when a specially crafted video file is submitted to the DPDecoder service as a job, resulting in an uninitialized object member dereference via an incorrect UUID parsed from a frame within the video container.
  • Flag or inspect video files submitted to DaVinci Resolve's DPDecoder service; exploitation does not require user interaction and is activated during video file decode.
  • Confirmed vulnerable version is Blackmagic Design DaVinci Resolve 17.3.1.0005; Snort rules 58716, 58717, 58749, 58750 are subject to change as additional vulnerability information becomes available.

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P