Bug 2052008 (CVE-2022-0546)
| Summary: | CVE-2022-0546 blender: Out-of-bounds memory access due to malformed HDR image file | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED UPSTREAM | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | design-devel, kwizart, luya_tfz, negativo17, promac |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-02-08 14:43:35 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2052009, 2052010 | ||
| Bug Blocks: | 2052005, 2052113 | ||
|
Description
Mauro Matteo Cascella
2022-02-08 14:11:33 UTC
Created blender tracking bugs for this issue: Affects: epel-all [bug 2052009] Affects: fedora-all [bug 2052010] This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products. Similar flaws were found and reported by Cisco Talos in 2017. For more information, see https://developer.blender.org/T52924 and https://blog.talosintelligence.com/2018/01/unpatched-blender-vulns.html. |