CVE-2022-0546

2022-02-2419:15:09

Debian Security Bug Tracker

security-tracker.debian.org

blender

image loader

out-of-bounds access

denial of service

memory corruption

code execution

unix

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

54.0%

JSON

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

OSVersionArchitecturePackageVersionFilename
Debian12allblender< 3.1.2+dfsg-1blender_3.1.2+dfsg-1_all.deb
Debian11allblender< 2.83.5+dfsg-5+deb11u1blender_2.83.5+dfsg-5+deb11u1_all.deb
Debian999allblender< 3.1.2+dfsg-1blender_3.1.2+dfsg-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	blender	< 3.1.2+dfsg-1	blender_3.1.2+dfsg-1_all.deb
Debian	11	all	blender	< 2.83.5+dfsg-5+deb11u1	blender_2.83.5+dfsg-5+deb11u1_all.deb
Debian	999	all	blender	< 3.1.2+dfsg-1	blender_3.1.2+dfsg-1_all.deb