https://bugzilla.redhat.com/show_bug.cgi?id=2052018
Bug ID: 2052018 Summary: blender: Out-of-bounds memory access due to malformed DDS image file Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: mcascell@redhat.com CC: design-devel@lists.fedoraproject.org, kwizart@gmail.com, luya_tfz@thefinalzone.net, negativo17@gmail.com, promac@gmail.com Blocks: 2052005 Target Milestone: --- Classification: Other
An integer underflow in the DDS loader of Blender 3.1.0 Alpha and older leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file.
Upstream issue: https://developer.blender.org/T94661
Upstream commits: https://developer.blender.org/rB0ac83d05d7cccec436bb939e0aa768f6a3d77d72 https://developer.blender.org/rBbbad834f1c2a1f7030ed9741c486b23241e8885e https://developer.blender.org/rBd9dd8c287f57716a827483973c31bbb2face2816
https://bugzilla.redhat.com/show_bug.cgi?id=2052018
Mauro Matteo Cascella mcascell@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |2052019, 2052020
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2052019 [Bug 2052019] blender: Out-of-bounds memory access due to malformed DDS image file [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2052020 [Bug 2052020] blender: Out-of-bounds memory access due to malformed DDS image file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2052018
--- Comment #1 from Mauro Matteo Cascella mcascell@redhat.com --- Created blender tracking bugs for this issue:
Affects: epel-all [bug 2052019] Affects: fedora-all [bug 2052020]
https://bugzilla.redhat.com/show_bug.cgi?id=2052018
--- Comment #3 from Product Security DevOps Team prodsec-dev@redhat.com --- This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
https://bugzilla.redhat.com/show_bug.cgi?id=2052018
Product Security DevOps Team prodsec-dev@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |UPSTREAM Last Closed| |2022-02-08 15:14:04
https://bugzilla.redhat.com/show_bug.cgi?id=2052018
--- Comment #4 from Mauro Matteo Cascella mcascell@redhat.com --- Similar flaws were found and reported by Cisco Talos in 2017. For more information, see https://developer.blender.org/T52924 and https://blog.talosintelligence.com/2018/01/unpatched-blender-vulns.html.
https://bugzilla.redhat.com/show_bug.cgi?id=2052018
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Alias| |CVE-2022-0544 Summary|blender: Out-of-bounds |CVE-2022-0544 blender: |memory access due to |Out-of-bounds memory access |malformed DDS image file |due to malformed DDS image | |file
https://bugzilla.redhat.com/show_bug.cgi?id=2052018
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2052113
https://bugzilla.redhat.com/show_bug.cgi?id=2052018
Mauro Matteo Cascella mcascell@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version| |blender 2.83.19, blender | |2.93.8, blender 3.1
https://bugzilla.redhat.com/show_bug.cgi?id=2052018
--- Doc Text *updated* by Guilherme de Almeida Suckevicz gsuckevi@redhat.com --- An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file.
https://bugzilla.redhat.com/show_bug.cgi?id=2052018 Bug 2052018 depends on bug 2052020, which changed state.
Bug 2052020 Summary: CVE-2022-0544 blender: Out-of-bounds memory access due to malformed DDS image file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2052020
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |CURRENTRELEASE
https://bugzilla.redhat.com/show_bug.cgi?id=2052018 Bug 2052018 depends on bug 2052019, which changed state.
Bug 2052019 Summary: CVE-2022-0544 blender: Out-of-bounds memory access due to malformed DDS image file [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2052019
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
design-devel@lists.fedoraproject.org