2052018 – (CVE-2022-0544) CVE-2022-0544 blender: Out-of-bounds memory access due to malformed DDS image file

Bug 2052018 (CVE-2022-0544) - CVE-2022-0544 blender: Out-of-bounds memory access due to malformed DDS image file

Summary: CVE-2022-0544 blender: Out-of-bounds memory access due to malformed DDS image...

Keywords:
Status:	CLOSED UPSTREAM
Alias:	CVE-2022-0544
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2052019 2052020
Blocks:	2052005 2052113
TreeView+	depends on / blocked

Reported:	2022-02-08 14:17 UTC by Mauro Matteo Cascella
Modified:	2022-02-22 14:12 UTC (History)
CC List:	5 users (show)
Fixed In Version:	blender 2.83.19, blender 2.93.8, blender 3.1
Doc Type:	If docs needed, set a value
Doc Text:	An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file.
Clone Of:
Environment:
Last Closed:	2022-02-08 15:14:04 UTC
Embargoed:

Attachments	(Terms of Use)

Description Mauro Matteo Cascella 2022-02-08 14:17:36 UTC

An integer underflow in the DDS loader of Blender 3.1.0 Alpha and older leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file.

Upstream issue:
https://developer.blender.org/T94661

Upstream commits:
https://developer.blender.org/rB0ac83d05d7cccec436bb939e0aa768f6a3d77d72
https://developer.blender.org/rBbbad834f1c2a1f7030ed9741c486b23241e8885e
https://developer.blender.org/rBd9dd8c287f57716a827483973c31bbb2face2816

Comment 1 Mauro Matteo Cascella 2022-02-08 14:17:54 UTC

Created blender tracking bugs for this issue:

Affects: epel-all [bug 2052019]
Affects: fedora-all [bug 2052020]

Comment 3 Product Security DevOps Team 2022-02-08 15:14:02 UTC

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

Comment 4 Mauro Matteo Cascella 2022-02-08 15:35:39 UTC

Similar flaws were found and reported by Cisco Talos in 2017. For more information, see https://developer.blender.org/T52924 and https://blog.talosintelligence.com/2018/01/unpatched-blender-vulns.html.

Note You need to log in before you can comment on or make changes to this bug.