On Monday December 20, 2021 Cisco Talos released an advisory describing an Integer Overflow to Buffer Overflow vulnerability found in Blackmagic Design’s DaVinci Resolve editing software leading to arbitrary code execution under context of the application. With a CVSSv3.1 score of 9.8 it is advised to update DaVinci Resolve, version 17.3.1.0005 with the software available on Blackmagic’s website at https://www.blackmagicdesign.com/products/davinciresolve/
Analyst Notes
Specialized software such as this commonly used among professional’s poses a risk, especially with the increase in skilled professionals working from home. It is easy to miss a software update, or not update based on inconvenience. Arbitrary code execution is always dangerous, allowing an attacker to execute malicious code controlling targeted software and/or system.
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1427
https://blog.talosintelligence.com/2021/12/vuln-spotlight-davinci-resolve.html
