CVE-2022-2831

Опубликовано: 16 авг. 2022

Источник: debian

Описание

A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
blender	fixed	3.2.2+dfsg-1		package
blender	no-dsa		bullseye	package
blender	not-affected		buster	package

Примечания

https://developer.blender.org/T99705
https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2
https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535

Связанные уязвимости

CVE-2022-2831

CVSS3: 7.5

ubuntu

больше 3 лет назад

A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.

CVE-2022-2831

CVSS3: 7.5

nvd

больше 3 лет назад

A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.

GHSA-96cr-xqmm-9cj3

CVSS3: 7.5

github

больше 3 лет назад

A loaded (and valid) image can be crafted such that an out-of-bounds read or write occurs when the image converted to thumbnail that is flipped vertically. Crash occured in source/blender/blendthumb/src/blendthumb_extract.cc