What is CVE-2022-0544?

CVE-2022-0544 is a vulnerability in Blender that allows an attacker to read sensitive data using a crafted DDS image file.

Which versions of Blender are affected by CVE-2022-0544?

Blender versions prior to 2.83.19, 2.93.8, and 3.1 are affected by CVE-2022-0544.

How can an attacker exploit CVE-2022-0544?

An attacker can exploit CVE-2022-0544 by using a crafted DDS image file to trigger an integer underflow in the DDS loader of Blender, leading to an out-of-bounds read and the potential for reading sensitive data.

What is the severity of CVE-2022-0544?

CVE-2022-0544 has a severity score of 5.5, which is considered medium.

How can I fix CVE-2022-0544 in Blender?

To fix CVE-2022-0544, you should update Blender to version 2.83.19, 2.93.8, or 3.1 or apply the corresponding security patches provided by the Blender project or your Linux distribution.

Vulnerability/
CVE-2022-0544

medium

5.5

CWE

191 125

24/2/2022

2/8/2024

CVE-2022-0544: Integer Underflow

First published: Thu Feb 24 2022(Updated: )

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

Credit: bressers@elastic.co

Affected Software	Affected Version	How to fix
Blender Blender	<2.83.19
Blender Blender	>=2.90.0<2.93.8
Blender Blender	>=3.0<3.1
Debian Debian Linux	=9.0
Debian Debian Linux	=10.0
debian/blender		2.79.b+dfsg0-7+deb10u1 2.83.5+dfsg-5+deb11u1 3.4.1+dfsg-2 3.6.2+dfsg-2

Remedy

https://developer.blender.org/T94661

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-0544?
CVE-2022-0544 is a vulnerability in Blender that allows an attacker to read sensitive data using a crafted DDS image file.
Which versions of Blender are affected by CVE-2022-0544?
Blender versions prior to 2.83.19, 2.93.8, and 3.1 are affected by CVE-2022-0544.
How can an attacker exploit CVE-2022-0544?
An attacker can exploit CVE-2022-0544 by using a crafted DDS image file to trigger an integer underflow in the DDS loader of Blender, leading to an out-of-bounds read and the potential for reading sensitive data.
What is the severity of CVE-2022-0544?
CVE-2022-0544 has a severity score of 5.5, which is considered medium.
How can I fix CVE-2022-0544 in Blender?
To fix CVE-2022-0544, you should update Blender to version 2.83.19, 2.93.8, or 3.1 or apply the corresponding security patches provided by the Blender project or your Linux distribution.

collector/nvd-index
collector/security-tracker-debian
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/references
agent/author
agent/remedy
agent/weakness
agent/first-publish-date
agent/description
agent/tags
agent/event
vendor/blender
canonical/blender blender
version/blender blender/2.90.0
version/blender blender/3.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/9.0
version/debian debian linux/10.0
package-manager/debian

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.