Bug 1195738 - (CVE-2022-0546) VUL-0: CVE-2022-0546: blender: Out-of-bounds memory access due to malformed HDR image file
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Security
Version: Current
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Hans-Peter Jansen
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/323057/
Reported: 2022-02-09 15:50 UTC by Carlos López
Modified: 2022-03-06 17:28 UTC (History)
Found By: Security Response Team


Description Carlos López 2022-02-09 15:50:48 UTC
rh#2052008

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

Upstream issue:
https://developer.blender.org/T94572

Upstream patch:
https://developer.blender.org/D11952

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2052008
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0546
Comment 1 Carlos López 2022-02-09 15:51:58 UTC
Affected:
 - openSUSE:Backports:SLE-15-SP3
 - openSUSE:Backports:SLE-15-SP4
 - openSUSE:Factory
Comment 2 Hans-Peter Jansen 2022-02-10 15:51:36 UTC
Hi Carlos,

thanks for the heads-up.

I noticed that the fix wasn't applied to the blender-v3.0-release branch and left a comment in Blender's Diffusion.

Will try to reach consensus and a timely resolution.
Comment 3 Hans-Peter Jansen 2022-03-06 17:28:30 UTC
Fixed with https://build.opensuse.org/request/show/956029
Comment 4 Hans-Peter Jansen 2022-03-06 17:28:50 UTC
closing..