Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-0545

Опубликовано: 24 фев. 2022
Источник: debian
EPSS Низкий

Описание

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
blenderfixed3.1.2+dfsg-1package

Примечания

  • Issue: https://developer.blender.org/T94629

  • Patch: https://developer.blender.org/D13744

  • https://developer.blender.org/rB82858ca3f4e6dc6f840af9306c350900abd491fc (v3.1.0)

  • https://developer.blender.org/rBe07f16776bca5e9494e6b143170f31d5eeb160ce (v2.93.8)

  • https://developer.blender.org/rB63fdcbb5889e31b5f07d8d5c8e923cc57900fe1b (v2.83.19)

EPSS

Процентиль: 50%
0.0027
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-0545

CVSS3: 7.8
ubuntu
больше 3 лет назад

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

nvd логотип

CVE-2022-0545

CVSS3: 7.8
nvd
больше 3 лет назад

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

github логотип

GHSA-vwmp-5fxw-2gwj

CVSS3: 7.8
github
больше 3 лет назад

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

fstec логотип

BDU:2022-05849

CVSS3: 8.8
fstec
больше 3 лет назад

Уязвимость функции IMB_flipy() компонента source/blender/imbuf/intern/rotate.c набора программного обеспечения для создания трехмерной компьютерной графики Blender, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

redos логотип

ROS-20240826-23

CVSS3: 8.8
redos
10 месяцев назад

Множественные уязвимости OpenImageIO

EPSS

Процентиль: 50%
0.0027
Низкий