An integer underflow in the DDS loader of Blender 3.1.0 Alpha and older leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file.

Upstream issue:
https://developer.blender.org/T94661

Upstream commits:
https://developer.blender.org/rB0ac83d05d7cccec436bb939e0aa768f6a3d77d72
https://developer.blender.org/rBbbad834f1c2a1f7030ed9741c486b23241e8885e
https://developer.blender.org/rBd9dd8c287f57716a827483973c31bbb2face2816
Created blender tracking bugs for this issue:

Affects: epel-all [bug 2052019]
Affects: fedora-all [bug 2052020]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Similar flaws were found and reported by Cisco Talos in 2017. For more information, see https://developer.blender.org/T52924 and https://blog.talosintelligence.com/2018/01/unpatched-blender-vulns.html.