[Bug 2052014] CVE-2022-0545 blender: Out-of-bounds memory access in IMB_flipy() due to large image dimensions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2052014
Ben Beasley <code(a)musicinmybrain.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |CURRENTRELEASE
Version|34 |35
Status|NEW |CLOSED
Last Closed| |2022-04-08 16:06:50
--- Comment #3 from Ben Beasley <code(a)musicinmybrain.net> ---
Sorry, I mixed this up with bug 2052010 for CVE-2022-0546. Corrected analysis
is below.
https://nvd.nist.gov/vuln/detail/CVE-2022-0545
https://developer.blender.org/T94629
Based on upstream git, the fix is included in 3.1.0 and later releases (F35,
F36, F37), and in 2.93.8 final (F34), so it appears that this is already
resolved in current Fedora releases.
commit e07f16776bca5e9494e6b143170f31d5eeb160ce
Author: Jesse Yurkovich <jesse.y(a)gmail.com>
Date: Thu Jan 6 21:35:04 2022 -0800
Fix T94629: The IMB_flip API would fail with large images
Fix IMB_flip[xy] to handle cases where integer overflow might occur when
given sufficiently large image dimensions.
All of these fixes were of a similar class where the intermediate
sub-expression would overflow silently. Widen the types as necessary.
Differential Revision: https://developer.blender.org/D13744
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2052014