Описание
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
Ссылки
- Issue TrackingPatchVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Issue TrackingPatchVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
7.8 High
CVSS3
5.1 Medium
CVSS2
Дефекты
Связанные уязвимости
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
An integer overflow in the processing of loaded 2D images leads to a w ...
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
Уязвимость функции IMB_flipy() компонента source/blender/imbuf/intern/rotate.c набора программного обеспечения для создания трехмерной компьютерной графики Blender, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
7.8 High
CVSS3
5.1 Medium
CVSS2