CVE-2022-0546

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-0546

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0546.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-0546

Related

Published

2022-02-24T19:15:09Z

Modified

2024-10-12T08:49:44.197373Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

References

Affected packages

Debian:11 / blender

Package

Name: blender
Purl: pkg:deb/debian/blender?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.83.5+dfsg-5+deb11u1

Affected versions

2.*

2.83.5+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / blender

Package

Name: blender
Purl: pkg:deb/debian/blender?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/blender/blender

Affected ranges

Type: GIT
Repo: https://github.com/blender/blender
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

f1cca3055776be50f59dd4fb6de3018afb53d52c

Affected versions

v2.*

v2.25

v2.26

v2.28

v2.28a

v2.28c

v2.30

v2.31

v2.31a

v2.32

v2.33

v2.33a

v2.34

v2.35

v2.35a

v2.37

v2.37a

v2.40

v2.42

v2.42a

v2.43

v2.44

v2.48

v2.48a

v2.55

v2.56a

v2.57

v2.57a

v2.57b

v2.58

v2.58a

v2.59

v2.60

v2.63

v2.66

v2.70-rc

v2.71-rc1

v2.72-rc1

v2.73-rc1

v2.74-rc1

v2.83

v2.92.0

v3.*

v3.0.0