The popular software editor DaVinci Resolve had some serious security vulnerabilities leading to code execution. Following the researchers’ report, the vendors patched the flaws.
DaVinci Resolve Code Execution Vulnerability
Researchers from Cisco Talos have shared a detailed advisory about two different vulnerabilities affecting DaVinci Resolve. Both the bugs received critical severity ratings with a CVSS score of 9.8.
The Australian firm Blackmagic Design’s DaVinci Resolve is a freemium video editing software bearing color grading, mixing/effects, and other visual effects functionalities.
The researchers found the vulnerabilities in the DPDecoder service of the tool. The first of these (CVE-2021-40417) is an integer overflow vulnerability that could lead to code execution. Describing the bug in an advisory, Cisco stated,
When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer overflow with regards to this calculation, this can result in an undersized heap buffer being allocated.
The second vulnerability (CVE-2021-40418) could also lead to code execution due to the use of uninitialized variable. As stated in the advisory,
When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor.
The researchers found these bugs while analyzing version 17.3.1.0005. Blackmagic has fixed them with the release of DaVinci resolve version 17.4.3. Hence, users should now ensure upgrading to this version to receive the fixes.