Lucene search

GoogleOSV:CVE-2022-0544

HistoryFeb 24, 2022 - 7:15 p.m.

CVE-2022-0544

2022-02-2419:15:09

Google

osv.dev

blender

integer underflow

dds loader

unauthorized access

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

50.7%

JSON

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

References

developer.blender.org/T94661

lists.debian.org/debian-lts-announce/2022/06/msg00021.html

www.debian.org/security/2022/dsa-5176