CVE-2022-2831

A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.
Configurations

Configuration 1 (hide)

cpe:2.3:a:blender:blender:3.3.0:alpha:*:*:*:*:*:*

History

01 Sep 2022, 21:15

Type Values Removed Values Added
Summary A loaded (and valid) image can be crafted such that an out-of-bounds read or write occurs when the image converted to thumbnail that is flipped vertically. Crash occured in source/blender/blendthumb/src/blendthumb_extract.cc A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.

18 Aug 2022, 18:04

Type Values Removed Values Added
CWE CWE-787
CWE-125
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:blender:blender:3.3.0:alpha:*:*:*:*:*:*
References (MISC) https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535 - (MISC) https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535 - Patch, Vendor Advisory
References (MISC) https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2 - (MISC) https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2 - Patch, Vendor Advisory
References (MISC) https://developer.blender.org/T99705 - (MISC) https://developer.blender.org/T99705 - Exploit, Patch, Vendor Advisory

16 Aug 2022, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-16 21:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-2831

Mitre link : CVE-2022-2831

CVE.ORG link : CVE-2022-2831


JSON object : View

Products Affected

blender

  • blender
CWE
CWE-125

Out-of-bounds Read

CWE-787

Out-of-bounds Write

CWE-190

Integer Overflow or Wraparound