Out-of-Bounds Heap Access in Blender Image Loader
CVE-2022-0546

7.8HIGH

Key Information:

Vendor

Blender

Status
Vendor
CVE Published:
24 February 2022

What is CVE-2022-0546?

A missing bounds check in the image loader of Blender 3.x and 2.93.8 can lead to out-of-bounds heap access. This flaw allows attackers to exploit the vulnerability, potentially causing memory corruption, denial of service, and in some cases, gaining the ability to execute arbitrary code. It is critical for users to apply the security updates to mitigate these risks.

Affected Version(s)

Blender Blender 3.x and 2.93.8

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.