Blackmagic Software has recently addressed two security vulnerabilities in the highly popular DaVinci Resolve software that would allow attackers to gain code execution on unpatched systems.
DaVinci Resolve is a free software platform that combines video editing and color correction, visual effects, motion graphics, and audio post-production tools in a single solution.
As its developer Blackmagic claims, DaVinci Resolve is “Hollywood’s most popular solution for editing” for Mac, Windows, and Linux.
Also Read: Personal Data Protection Act Singapore: Is Your Business Compliant?
The two remote code execution (RCE) security flaws, tracked as CVE-2021-40417 and CVE-2021-40418, were discovered by Cisco Talos security researchers and are rated with a CVSSv3 severity score of 9.8/10.
They’re both caused by weaknesses found in DaVinci Resolve’s DPDecoder service and are triggered by a heap-based buffer overflow when decoding a video file or an incorrect UUID when parsing video files.
“[CVE-2021-40417] is a heap-based buffer overflow vulnerability that occurs when the application faces an integer overflow condition that leads to a sign extension while trying to decode a video file,” Cisco Talos explained.
“Alternatively, [CVE-2021-40418] could also lead to code execution, but is instead triggered as the result of an uninitialized object member as a result of an incorrect UUID.”
The bugs can be exploited by remote threat actors in low complexity attacks, with successful exploitation not requiring authentication or user interaction.
Also Read: How Does Ransomware Work? Examples and Defense Tips
Cisco Talos discovered the two code execution vulnerabilities while analyzing DaVinci Resolve, version 17.3.1.0005.
Blackmagic has since patched both bugs, and users are advised to update to DaVinci Resolve 17.4.3, the latest released version for their platform, as soon as possible.
“Cisco Talos worked with Blackmagic to ensure that these issues are resolved and an update is available for affected customers,” the Cisco Talos team said.
You can find detailed info on how to install DaVinci Resolve software on your device in the DaVinci Resolve 17.4.3 changelog, released earlier this week.
Importance of Efficient Access Controls that every Organisation in Singapore should take note of. Enhancing…
Prioritizing Security Measures When Launching a Webpage That Every Organisation in Singapore should take note…
Importance of Regularly Changing Passwords for Enhance Online Security that every Organisation in Singapore should…
Comprehensive Approach to Data Protection and Operational Integrity that every Organsiation in Singapore should know…
Here's the importance of Pre-Launch Testing in IT Systems Implementation for Organisations in Singapore. The…
Understanding Liability in IT Vendor Relationships that every Organisation in Singapore should look at. Understanding…
This website uses cookies.