How severe is CVE-2021-40418?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2021-40418?

This is classified as CWE-457, which is a common weakness in software security.

CVE-2021-40418 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application.

Related Vulnerabilities

CVE-2022-40510

CRITICAL

CVSS:9.8(Critical)

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

CWE-4572022

CVE-2024-47540

HIGH

CVSS:9.8(Critical)

GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within...

CWE-4572024

CVE-2022-21217

CRITICAL

CVSS:9.1(Critical)

An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An at...

CWE-4572022

CVE-2023-6324

HIGH

CVSS:8.8(High)

ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity

CWE-4572023

CVE-2024-23159

HIGH

CVSS:8.8(High)

A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can le...

CWE-4572024

CVE-2024-6990

HIGH

CVSS:8.8(High)

Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security se...

CWE-4572024