Out-of-Bounds Read Vulnerability in Blender DDS Loader
CVE-2022-0544

5.5MEDIUM

Key Information:

Vendor

Blender

Status
Vendor
CVE Published:
24 February 2022

What is CVE-2022-0544?

A vulnerability in Blender’s DDS loader allows for an integer underflow, which can lead to an out-of-bounds read. An attacker could exploit this flaw by manipulating a DDS image file to potentially access sensitive data. The issue affects several Blender versions before 2.83.19, 2.93.8, and 3.1. Users should update to the latest versions to mitigate the risk of unauthorized data exposure.

Affected Version(s)

Blender Blender versions prior to 2.83.19, 2.93.8 and 3.1

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.