CVE-2022-0544

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

Published: Feb 24, 2022
Updated: Nov 8, 2023
CVE: CVE-2022-0544
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

CWEs:

CWE-191

Affected Software
References

Software	From	Fixed in
blender / blender	3.0	3.1
blender / blender	2.90.0	2.93.8
blender / blender	-	2.83.19
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x

https://developer.blender.org/T94661
https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html
https://www.debian.org/security/2022/dsa-5176

Vulnerability Database

289,697

CVE-2022-0544