CVE-2022-2832

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-2832
A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://developer.blender.org/D15463 Patch Vendor Advisory
https://developer.blender.org/T99706 Exploit Patch Vendor Advisory
https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:blender:blender:3.3.0:alpha:*:*:*:*:*:*
History

12 Feb 2023, 22:15

Type Values Removed Values Added
Summary CVE-2022-2832 blender: Null pointer reference in blender thumbnail extractor A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.
CWE CWE-476 CWE-395
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2022:7058', 'name': 'https://access.redhat.com/errata/RHSA-2022:7058', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2022-2832', 'name': 'https://access.redhat.com/security/cve/CVE-2022-2832', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=2118556', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=2118556', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 15:17

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2022:7058 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2022-2832 -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2118556 -
Summary A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity. CVE-2022-2832 blender: Null pointer reference in blender thumbnail extractor

01 Sep 2022, 21:15

Type Values Removed Values Added
Summary When rendering with headless builds, show an error instead of crashing. Previously GPU_backend_init was called indirectly from DRW_opengl_context_create, a new function is now called from the window manager (GPU_backend_init_once), so it's possible to check if the GPU has a back-end. This also disables the bgl Python module when building WITH_HEADLESS. A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.

18 Aug 2022, 18:23

Type Values Removed Values Added
First Time Blender blender
Blender
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:blender:blender:3.3.0:alpha:*:*:*:*:*:*
References (MISC) https://developer.blender.org/D15463 - (MISC) https://developer.blender.org/D15463 - Patch, Vendor Advisory
References (MISC) https://developer.blender.org/T99706 - (MISC) https://developer.blender.org/T99706 - Exploit, Patch, Vendor Advisory
References (MISC) https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c - (MISC) https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c - Patch, Vendor Advisory
CWE CWE-476

16 Aug 2022, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-08-16 21:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-2832

Mitre link : CVE-2022-2832

CVE.ORG link : CVE-2022-2832

JSON object : View

Products Affected

blender

  • blender
CWE
CWE-395

Use of NullPointerException Catch to Detect NULL Pointer Dereference

CWE-476

NULL Pointer Dereference