CVE Vulnerabilities

CVE-2022-0544

Integer Underflow (Wrap or Wraparound)

Published: Feb 24, 2022 | Modified: Nov 07, 2023
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.x
2.6 LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
LOW

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

Weakness

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Affected Software

Name Vendor Start Version End Version
Blender Blender * 2.83.19 (excluding)
Blender Blender 2.90.0 (including) 2.93.8 (excluding)
Blender Blender 3.0 (including) 3.1 (excluding)
Blender Ubuntu bionic *
Blender Ubuntu impish *
Blender Ubuntu kinetic *
Blender Ubuntu lunar *
Blender Ubuntu trusty *
Blender Ubuntu xenial *

References