Back to search
CVE-2022-0545
Published: Feb 24, 2022
Modified: Aug 2, 2024
PUBLISHED
Description
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
| Vendor | Product | Versions |
|---|---|---|
n/a | Blender | affected Blender versions prior to 2.83.19, 2.93.8 and 3.1 |
Weaknesses (CWE)
References
https://developer.blender.org/T94629
x_refsource_MISC
[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update
mailing-list
x_refsource_MLIST
DSA-5176
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now