Integer Overflow Vulnerability in Blender 2D Image Processing
CVE-2022-0545

7.8HIGH

Key Information:

Vendor

Blender

Status
Vendor
CVE Published:
24 February 2022

What is CVE-2022-0545?

An integer overflow vulnerability in Blender's processing of 2D images can lead to a write-what-where condition and an out-of-bounds read. This weakness permits an attacker to exploit specially crafted image files, potentially leaking sensitive information or executing code within the Blender process. Affected versions are those prior to 2.83.19, 2.93.8, and 3.1.

Affected Version(s)

Blender Blender versions prior to 2.83.19, 2.93.8 and 3.1

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.