{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2022-3756", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2022-11-21T00:00:00", "dateRejected": "2022-11-21T00:00:00", "dateReserved": "2022-10-29T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-11-21T00:00:00"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}], "id": "CVE-2022-3756", "lastModified": "2023-11-07T03:51:46.367", "metrics": {}, "published": "2022-10-29T17:15:09.840", "references": [], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "exiv2: integer overflow in quicktimevideo.cpp", "id": "2141908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141908"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "(CWE-189|CWE-190)", "details": ["[REJECTED CVE] A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely."], "name": "CVE-2022-3756", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-exiv2-023", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-exiv2-026", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "compat-exiv2-026", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-10-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3756\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3756"], "statement": "This is a CVE for quicktime video which is not built in any RHEL or Fedora release and therefore our packages are not affected.\nAlso, this CVE has been rejected by Upstream.", "threat_severity": "Moderate"}