Security News > 2021 > December > Blackmagic fixes critical DaVinci Resolve code execution flaws

Blackmagic Software has recently addressed two security vulnerabilities in the highly popular DaVinci Resolve software that would allow attackers to gain code execution on unpatched systems.

As its developer Blackmagic claims, DaVinci Resolve is "Hollywood's most popular solution for editing" for Mac, Windows, and Linux.

The two remote code execution security flaws, tracked as CVE-2021-40417 and CVE-2021-40418, were discovered by Cisco Talos security researchers and are rated with a CVSSv3 severity score of 9.8/10. They're both caused by weaknesses found in DaVinci Resolve's DPDecoder service and are triggered by a heap-based buffer overflow when decoding a video file or an incorrect UUID when parsing video files.

Cisco Talos discovered the two code execution vulnerabilities while analyzing DaVinci Resolve, version 17.3.1.0005.

Blackmagic has since patched both bugs, and users are advised to update to DaVinci Resolve 17.4.3, the latest released version for their platform, as soon as possible.

You can find detailed info on how to install DaVinci Resolve software on your device in the DaVinci Resolve 17.4.3 changelog, released earlier this week.

News URL

https://www.bleepingcomputer.com/news/security/blackmagic-fixes-critical-davinci-resolve-code-execution-flaws/