Sign-up

ID

VAR-201711-1235


TITLE

Zhejiang Dahua Play Library SDK (win32) has an out-of-bounds access vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-33918

DESCRIPTION

The playback SDK is a supporting product of Dahua compression cards and hard disk video recorders. It supports all Dahua stream formats, as well as Hisilicon's h264 stream and ADI's h264 stream. There is an out-of-bounds access vulnerability in dhplay.dll of the playback library SDK provided by Zhejiang Dahua. An attacker could use this vulnerability to cause a denial of service attack or process information disclosure.

Trust: 0.6

sources: CNVD: CNVD-2017-33918

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33918

AFFECTED PRODUCTS

vendor:dahuamodel:video sdk sdk win32 v3.39.0 20161102scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-33918

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-33918
value: LOW

Trust: 0.6

CNVD: CNVD-2017-33918
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-33918

PATCH

title:General_PlaySDK_Chn_Windows32_IS_V3.39.1.R.171014url:https://www.cnvd.org.cn/patchinfo/show/103686

Trust: 0.6

sources: CNVD: CNVD-2017-33918

EXTERNAL IDS

db:CNVDid:CNVD-2017-33918

Trust: 0.6

sources: CNVD: CNVD-2017-33918

SOURCES

db:CNVDid:CNVD-2017-33918

LAST UPDATE DATE

2022-05-04T10:00:55.717000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-33918date:2017-12-14T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-33918date:2017-11-26T00:00:00