Bug 2052018 (CVE-2022-0544)
| Summary: | CVE-2022-0544 blender: Out-of-bounds memory access due to malformed DDS image file | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED UPSTREAM | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | design-devel, kwizart, luya_tfz, negativo17, promac |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | blender 2.83.19, blender 2.93.8, blender 3.1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-02-08 15:14:04 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2052019, 2052020 | ||
| Bug Blocks: | 2052005, 2052113 | ||
|
Description
Mauro Matteo Cascella
2022-02-08 14:17:36 UTC
Created blender tracking bugs for this issue: Affects: epel-all [bug 2052019] Affects: fedora-all [bug 2052020] This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products. Similar flaws were found and reported by Cisco Talos in 2017. For more information, see https://developer.blender.org/T52924 and https://blog.talosintelligence.com/2018/01/unpatched-blender-vulns.html. |