Bug 1195738 (CVE-2022-0546)

Summary: VUL-0: CVE-2022-0546: blender: Out-of-bounds memory access due to malformed HDR image file
Product: [openSUSE] openSUSE Tumbleweed
Reporter: Carlos López <carlos.lopez>
Component: Security
Assignee: Hans-Peter Jansen <hpj>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium    
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/323057/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Carlos López 2022-02-09 15:50:48 UTC
rh#2052008

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

Upstream issue:
https://developer.blender.org/T94572

Upstream patch:
https://developer.blender.org/D11952

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2052008
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0546
Comment 1 Carlos López 2022-02-09 15:51:58 UTC
Affected:
 - openSUSE:Backports:SLE-15-SP3
 - openSUSE:Backports:SLE-15-SP4
 - openSUSE:Factory
Comment 2 Hans-Peter Jansen 2022-02-10 15:51:36 UTC
Hi Carlos, 

thanks for the heads-up.

I noticed that the fix wasn't applied to the blender-v3.0-release branch and left a comment in Blender's Diffusion.

Will try to reach consensus and a timely resolution.
Comment 3 Hans-Peter Jansen 2022-03-06 17:28:30 UTC
Fixed with https://build.opensuse.org/request/show/956029
Comment 4 Hans-Peter Jansen 2022-03-06 17:28:50 UTC
closing..