Lucene search

GoogleOSV:CVE-2022-0546

HistoryFeb 24, 2022 - 7:15 p.m.

CVE-2022-0546

2022-02-2419:15:09

Google

osv.dev

blender

image loader

bounds check

code execution

denial of service

memory corruption

cve-2022-0546

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

54.0%

JSON

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

References

developer.blender.org/T94572

lists.debian.org/debian-lts-announce/2022/06/msg00021.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIZADV3AHTWZ2YKEFTVLNK3K4F4KTYLM/

www.debian.org/security/2022/dsa-5176