CVE-2022-2831 — Integer Overflow or Wraparound in Blender

CWE-190 — Integer Overflow or Wraparound CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 26.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Blender Debian Blender

Timeline

PublishedAug 16

Latest updateAug 17

Description

A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/blender< blender 3.2.2+dfsg-1 (bookworm)

▶Debianblender/blender< 3.2.2+dfsg-1+1

▶CVEListV5blender/blenderBlender 3.3.0

▶NVDblender/blender3.3.0

Patches

Patch: developer.blender.org ↗Patch: developer.blender.org ↗Patch: developer.blender.org ↗

🔴Vulnerability Details

GHSA

GHSA-96cr-xqmm-9cj3: A loaded (and valid) image can be crafted such that an out-of-bounds read or write occurs when the image converted to thumbnail that is flipped vertic↗2022-08-17

▶

OSV

CVE-2022-2831: A flaw was found in Blender 3↗2022-08-16

▶

📋Vendor Advisories

Debian

CVE-2022-2831: blender - A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendt...↗2022

▶