CVE-2022-0544

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

Database specific

{
    "cna_assigner": "fedora",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0544.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "Blender versions prior to 2.83.19, 2.93.8 and 3.1"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cwe_ids": [
        "CWE-191"
    ]
}

References

Affected packages

Git / github.com/blender/blender

Affected ranges

Type

GIT

Repo

https://github.com/blender/blender

Events

Introduced

Fixed

86c526d2c733e2c3de0222b87cee14bc925ac308

Introduced

0330d1af29c067cf309e4798f5259e01a8c3c668

Fixed

09da7f489ad951eff5fc42f97a8079fafce12a89

Introduced

f1cca3055776be50f59dd4fb6de3018afb53d52c

Fixed

c77597cd0e15f9d7b6f963593b545cc94950eb8d

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.83.19"
        },
        {
            "introduced": "2.90.0"
        },
        {
            "fixed": "2.93.8"
        },
        {
            "introduced": "3.0"
        },
        {
            "fixed": "3.1"
        }
    ],
    "cpe": "cpe:2.3:a:blender:blender:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD"
}

Affected versions

v2.*

v2.25

v2.26

v2.28

v2.28a

v2.28c

v2.30

v2.31

v2.31a

v2.32

v2.33

v2.33a

v2.34

v2.35

v2.35a

v2.37

v2.37a

v2.40

v2.42

v2.42a

v2.43

v2.44

v2.48

v2.48a

v2.55

v2.56a

v2.57

v2.57a

v2.57b

v2.58

v2.58a

v2.59

v2.60

v2.63

v2.66

v2.70-rc

v2.71-rc1

v2.72-rc1

v2.73-rc1

v2.74-rc1

v2.83

v2.83.1

v2.83.10

v2.83.12

v2.83.13

v2.83.14

v2.83.15

v2.83.16

v2.83.17

v2.83.18

v2.83.2

v2.83.3

v2.83.4

v2.83.5

v2.83.6

v2.83.6.1

v2.83.7

v2.83.8

v2.83.9

v2.93.0

v2.93.1

v2.93.2

v2.93.3

v2.93.4

v2.93.5

v2.93.6

v2.93.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0544.json"

vanir_signatures_modified

"2026-05-01T11:17:19Z"

vanir_signatures

[
    {
        "target": {
            "file": "source/blender/editors/sculpt_paint/sculpt_undo.c",
            "function": "sculpt_undo_geometry_restore_data"
        },
        "digest": {
            "length": 979.0,
            "function_hash": "161412462493676655162831838872195101415"
        },
        "deprecated": false,
        "id": "CVE-2022-0544-99b905fa",
        "signature_type": "Function",
        "source": "https://github.com/blender/blender/commit/c77597cd0e15f9d7b6f963593b545cc94950eb8d",
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "source/blender/editors/sculpt_paint/sculpt_undo.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "124043090402698535792582219829702258639",
                "291399862714107792492370666230809677084",
                "19780911924126066182472616114708630776",
                "52788336479705262444171463252782941809",
                "180136656472081687867564524359903073902",
                "208647502420360741357835349339771405644",
                "331397288112833657229470003807514440165",
                "205577027148405797478355135906222874377"
            ]
        },
        "deprecated": false,
        "id": "CVE-2022-0544-9f9ab928",
        "signature_type": "Line",
        "source": "https://github.com/blender/blender/commit/c77597cd0e15f9d7b6f963593b545cc94950eb8d",
        "signature_version": "v1"
    }
]