ubuntucve | Ubuntu.com | UB:CVE-2022-0545
History: Feb 24, 2022 - 12:00 a.m.

CVE-2022-0545

integer overflow
2d images
write-what-where
out-of-bounds
vulnerability
blender
sensitive information
code execution
image file
version prior

CVSS2: 5.1
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 50.0%

An integer overflow in the processing of loaded 2D images leads to a
write-what-where vulnerability and an out-of-bounds read vulnerability,
allowing an attacker to leak sensitive information or achieve code
execution in the context of the Blender process when a specially crafted
image file is loaded. This flaw affects Blender versions prior to 2.83.19,
2.93.8 and 3.1.
