https://bugzilla.redhat.com/show_bug.cgi?id=2118559
Bug ID: 2118559 Summary: CVE-2022-2833 blender: Eternal loop in blender thumbnail extractor Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: saroy@redhat.com CC: code@musicinmybrain.net, design-devel@lists.fedoraproject.org, kwizart@gmail.com, luya_tfz@thefinalzone.net, negativo17@gmail.com, promac@gmail.com Target Milestone: --- Classification: Other
source/blender/blendthumb/src/blendthumb_extract.cc https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512 DDOS https://developer.blender.org/T99711
https://bugzilla.redhat.com/show_bug.cgi?id=2118559
Sandipan Roy saroy@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2117709
https://bugzilla.redhat.com/show_bug.cgi?id=2118559
Sandipan Roy saroy@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2117709 Depends On| |2118560, 2118561
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2118560 [Bug 2118560] CVE-2022-2833 blender: Eternal loop in blender thumbnail extractor [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2118561 [Bug 2118561] CVE-2022-2833 blender: Eternal loop in blender thumbnail extractor [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2118559
--- Comment #1 from Sandipan Roy saroy@redhat.com --- Created blender tracking bugs for this issue:
Affects: epel-7 [bug 2118561] Affects: fedora-all [bug 2118560]
https://bugzilla.redhat.com/show_bug.cgi?id=2118559
--- Comment #2 from Product Security DevOps Team prodsec-dev@redhat.com --- This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
https://bugzilla.redhat.com/show_bug.cgi?id=2118559
Product Security DevOps Team prodsec-dev@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |UPSTREAM Status|NEW |CLOSED Last Closed| |2022-09-01 16:25:58
https://bugzilla.redhat.com/show_bug.cgi?id=2118559 Bug 2118559 depends on bug 2118560, which changed state.
Bug 2118560 Summary: CVE-2022-2833 blender: Eternal loop in blender thumbnail extractor [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2118560
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL
https://bugzilla.redhat.com/show_bug.cgi?id=2118559 Bug 2118559 depends on bug 2118561, which changed state.
Bug 2118561 Summary: CVE-2022-2833 blender: Eternal loop in blender thumbnail extractor [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=2118561
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL
design-devel@lists.fedoraproject.org