An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
References
Configurations
History
07 Nov 2023, 03:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.debian.org/security/2022/dsa-5176 - | |
References | () https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html - | |
References | () https://developer.blender.org/T94661 - |
19 Jan 2023, 03:33
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
|
First Time |
Debian
Debian debian Linux |
|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5176 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html - Mailing List, Third Party Advisory |
05 Jul 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Jun 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Mar 2022, 20:11
Type | Values Removed | Values Added |
---|---|---|
First Time |
Blender blender
Blender |
|
References | (MISC) https://developer.blender.org/T94661 - Exploit, Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 2.6
v3 : 5.5 |
CWE | CWE-191 | |
CPE | cpe:2.3:a:blender:blender:*:*:*:*:*:*:*:* |
24 Feb 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-24 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-0544
Mitre link : CVE-2022-0544
CVE.ORG link : CVE-2022-0544
JSON object : View
Products Affected
blender
- blender
debian
- debian_linux
CWE
CWE-191
Integer Underflow (Wrap or Wraparound)