CVE-2022-2832

A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:blender:blender:3.3.0:alpha:*:*:*:*:*:*

History

01 Sep 2022, 21:15

Type Values Removed Values Added
Summary When rendering with headless builds, show an error instead of crashing. Previously GPU_backend_init was called indirectly from DRW_opengl_context_create, a new function is now called from the window manager (GPU_backend_init_once), so it's possible to check if the GPU has a back-end. This also disables the bgl Python module when building WITH_HEADLESS. A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.

18 Aug 2022, 18:23

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References (MISC) https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c - (MISC) https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c - Patch, Vendor Advisory
References (MISC) https://developer.blender.org/T99706 - (MISC) https://developer.blender.org/T99706 - Exploit, Patch, Vendor Advisory
References (MISC) https://developer.blender.org/D15463 - (MISC) https://developer.blender.org/D15463 - Patch, Vendor Advisory
CPE cpe:2.3:a:blender:blender:3.3.0:alpha:*:*:*:*:*:*
CWE CWE-476

16 Aug 2022, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-16 21:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-2832

Mitre link : CVE-2022-2832

CVE.ORG link : CVE-2022-2832


JSON object : View

Products Affected

blender

  • blender
CWE
CWE-395

Use of NullPointerException Catch to Detect NULL Pointer Dereference

CWE-476

NULL Pointer Dereference