CVE-2022-0546
- Source
- https://cve.org/CVERecord?id=CVE-2022-0546
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0546.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-0546
- Downstream
- Related
- Published
- 2022-02-24T19:15:09.807Z
- Modified
- 2026-02-04T23:54:07.679306Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
- References
-
- https://developer.blender.org/T94572
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIZADV3AHTWZ2YKEFTVLNK3K4F4KTYLM/
- https://developer.blender.org/T94572
- https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html
- https://www.debian.org/security/2022/dsa-5176
- https://developer.blender.org/T94572
Affected packages
Git / github.com/blender/blender
Affected ranges
- Type
- GIT
- Repo
- https://github.com/blender/blender
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affected
Affected versions
v2.*
v2.25
v2.26
v2.28
v2.28a
v2.28c
v2.30
v2.31
v2.31a
v2.32
v2.33
v2.33a
v2.34
v2.35
v2.35a
v2.37
v2.37a
v2.40
v2.42
v2.42a
v2.43
v2.44
v2.48
v2.48a
v2.55
v2.56a
v2.57
v2.57a
v2.57b
v2.58
v2.58a
v2.59
v2.60
v2.63
v2.66
v2.70-rc
v2.71-rc1
v2.72-rc1
v2.73-rc1
v2.74-rc1
v2.83
v2.92.0
v2.93.0
v2.93.1
v2.93.2
v2.93.3
v2.93.4
v2.93.5
v2.93.6
v2.93.7
v2.93.8
v3.*
v3.0.0