CVE-2022-0545

Source
https://cve.org/CVERecord?id=CVE-2022-0545
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0545.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-0545
Published
2022-02-24T19:15:09.760Z
Modified
2026-04-17T09:14:31.491054385Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

Affected packages

Git / github.com/blender/blender

Affected ranges

Type
GIT
Repo
https://github.com/blender/blender
Events
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.83.19"
        },
        {
            "introduced": "2.90.0"
        },
        {
            "fixed": "2.93.8"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.1.0"
        }
    ]
}

Affected versions

v2.*
v2.25
v2.26
v2.28
v2.28a
v2.28c
v2.30
v2.31
v2.31a
v2.32
v2.33
v2.33a
v2.34
v2.35
v2.35a
v2.37
v2.37a
v2.40
v2.42
v2.42a
v2.43
v2.44
v2.48
v2.48a
v2.55
v2.56a
v2.57
v2.57a
v2.57b
v2.58
v2.58a
v2.59
v2.60
v2.63
v2.66
v2.70-rc
v2.71-rc1
v2.72-rc1
v2.73-rc1
v2.74-rc1
v2.83
v2.83.1
v2.83.10
v2.83.12
v2.83.13
v2.83.14
v2.83.15
v2.83.16
v2.83.17
v2.83.18
v2.83.2
v2.83.3
v2.83.4
v2.83.5
v2.83.6
v2.83.6.1
v2.83.7
v2.83.8
v2.83.9
v2.93.0
v2.93.1
v2.93.2
v2.93.3
v2.93.4
v2.93.5
v2.93.6
v2.93.7

Database specific

vanir_signatures
[
    {
        "digest": {
            "length": 979.0,
            "function_hash": "161412462493676655162831838872195101415"
        },
        "id": "CVE-2022-0545-99b905fa",
        "signature_version": "v1",
        "source": "https://github.com/blender/blender/commit/c77597cd0e15f9d7b6f963593b545cc94950eb8d",
        "signature_type": "Function",
        "target": {
            "function": "sculpt_undo_geometry_restore_data",
            "file": "source/blender/editors/sculpt_paint/sculpt_undo.c"
        },
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "124043090402698535792582219829702258639",
                "291399862714107792492370666230809677084",
                "19780911924126066182472616114708630776",
                "52788336479705262444171463252782941809",
                "180136656472081687867564524359903073902",
                "208647502420360741357835349339771405644",
                "331397288112833657229470003807514440165",
                "205577027148405797478355135906222874377"
            ]
        },
        "id": "CVE-2022-0545-9f9ab928",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/blender/blender/commit/c77597cd0e15f9d7b6f963593b545cc94950eb8d",
        "target": {
            "file": "source/blender/editors/sculpt_paint/sculpt_undo.c"
        }
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0545.json"
vanir_signatures_modified
"2026-04-12T09:22:01Z"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    }
]