Blender
CVE-2022-0546
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
AnalysisAI
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Technical ContextAI
This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution. Affected products include: Blender, Fedoraproject Extra Packages For Enterprise Linux, Fedoraproject Fedora, Debian Debian Linux.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.
Endless Infinite loop in Blender-thumnailing due to logical bugs. Rated high severity (CVSS 7.5), this vulnerability is
A flaw was found in Blender 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authen
A flaw was found in Blender 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authen
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds
Out-of-bounds read in Blender 3.0.0 through 5.1.2 allows an attacker to crash the application or disclose heap memory co
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today