{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2022-3757", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2022-11-21T00:00:00.000Z", "dateRejected": "2022-11-21T00:00:00.000Z", "dateReserved": "2022-10-29T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-11-21T00:00:00.000Z"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}], "id": "CVE-2022-3757", "lastModified": "2023-11-07T03:51:46.397", "metrics": {}, "published": "2022-10-29T17:15:09.937", "references": [], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "exiv2: Heap-buffer-overflow in Exiv2::MemIo::read", "id": "2141910", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141910"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "(CWE-119|CWE-120)", "details": ["[REJECTED CVE] A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely."], "name": "CVE-2022-3757", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-exiv2-023", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-exiv2-026", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "compat-exiv2-026", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-10-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3757\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3757"], "statement": "This is a CVE for quicktime video which is not built in any RHEL or Fedora release and therefore our packages are not affected.\nAlso, this CVE has been rejected by Upstream.", "threat_severity": "Moderate"}

{"created": "2025-06-24T09:44:13.800122+00:00", "updated": "2025-06-24T09:44:13.800177+00:00", "vendors": ["exiv2", "exiv2$PRODUCT$exiv2"]}