Blender
CVE-2022-0544
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
AnalysisAI
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-191. An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. Affected products include: Blender, Debian Debian Linux. Version information: prior to 2.83.19.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Endless Infinite loop in Blender-thumnailing due to logical bugs. Rated high severity (CVSS 7.5), this vulnerability is
A flaw was found in Blender 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authen
A flaw was found in Blender 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authen
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing a
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds
Out-of-bounds read in Blender 3.0.0 through 5.1.2 allows an attacker to crash the application or disclose heap memory co
Same weakness CWE-191 – Integer Underflow
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today