CVE-2022-0546

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-0546
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0546.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-0546
Downstream
Related
Published
2022-02-24T19:15:09.807Z
Modified
2026-04-02T07:37:21.610849Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

References

Affected packages

Git / github.com/blender/blender

Affected ranges

Type
GIT
Repo
https://github.com/blender/blender
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
09da7f489ad951eff5fc42f97a8079fafce12a89
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f1cca3055776be50f59dd4fb6de3018afb53d52c
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.93.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0"
        }
    ]
}

Affected versions

2.*
2.72b
v2.*
v2.25
v2.26
v2.27
v2.28
v2.28a
v2.28c
v2.30
v2.31
v2.31a
v2.32
v2.33
v2.33a
v2.34
v2.35
v2.35a
v2.36
v2.37
v2.37a
v2.40
v2.41
v2.42
v2.42a
v2.43
v2.44
v2.45
v2.46
v2.47
v2.48
v2.48a
v2.49
v2.49a
v2.49b
v2.50
v2.51
v2.52
v2.53
v2.54
v2.55
v2.56
v2.56a
v2.57
v2.57a
v2.57b
v2.58
v2.58a
v2.59
v2.60
v2.60a
v2.61
v2.63
v2.63a
v2.64
v2.64a
v2.65
v2.65a
v2.66
v2.66a
v2.67
v2.67a
v2.67b
v2.68
v2.68a
v2.69
v2.70
v2.70-rc
v2.70-rc2
v2.70a
v2.71
v2.71-rc1
v2.71-rc2
v2.72
v2.72-rc1
v2.72a
v2.72b
v2.73
v2.73-rc1
v2.73a
v2.74
v2.74-rc1
v2.74-rc2
v2.74-rc3
v2.74-rc4
v2.75
v2.75-rc1
v2.75-rc2
v2.75a
v2.76
v2.76-rc1
v2.76-rc2
v2.76-rc3
v2.76a
v2.76b
v2.77
v2.77-rc1
v2.77-rc2
v2.77a
v2.78
v2.78-rc1
v2.78-rc2
v2.78a
v2.78b
v2.78c
v2.79
v2.79-rc1
v2.79-rc2
v2.79a
v2.79b
v2.80
v2.80-rc1
v2.80-rc2
v2.80-rc3
v2.81
v2.81a
v2.82
v2.82a
v2.83
v2.83.1
v2.83.10
v2.83.12
v2.83.13
v2.83.14
v2.83.15
v2.83.16
v2.83.17
v2.83.18
v2.83.19
v2.83.2
v2.83.20
v2.83.3
v2.83.4
v2.83.5
v2.83.6
v2.83.6.1
v2.83.7
v2.83.8
v2.83.9
v2.90.0
v2.90.1
v2.91.0
v2.91.2
v2.92.0
v2.93.0
v2.93.1
v2.93.2
v2.93.3
v2.93.4
v2.93.5
v2.93.6
v2.93.7
v2.93.8
v3.*
v3.0.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0546.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    }
]