CVE-2022-2832 — Use of NullPointerException Catch to Detect NULL Pointer Dereference in Blender

CWE-395 — Use of NullPointerException Catch to Detect NULL Pointer Dereference CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 26.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Blender Debian Blender

Timeline

PublishedAug 16

Latest updateAug 17

Description

A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/blender

▶CVEListV5blender/blenderBlender 3.3.0

▶NVDblender/blender3.3.0

Patches

Patch: developer.blender.org ↗Patch: developer.blender.org ↗Patch: developer.blender.org ↗

🔴Vulnerability Details

GHSA

GHSA-jw85-mc7h-c36v: When rendering with headless builds, show an error instead of crashing↗2022-08-17

▶

OSV

CVE-2022-2832: A flaw was found in Blender 3↗2022-08-16

▶

📋Vendor Advisories

Red Hat

blender: Null pointer reference in blender thumbnail extractor↗2022-08-16

▶

Debian

CVE-2022-2832: blender - A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/b...↗2022

▶