https://bugzilla.redhat.com/show_bug.cgi?id=2052008
Bug ID: 2052008
Summary: blender: Out-of-bounds memory access due to malformed HDR image file
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: mcascell(a)redhat.com
CC: design-devel(a)lists.fedoraproject.org, kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com, promac(a)gmail.com
Blocks: 2052005
Target Milestone: ---
Classification: Other
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads
to out-of-bounds heap access, allowing an attacker to cause denial of service,
memory corruption or potentially code execution.
Upstream issue:
https://developer.blender.org/T94572
Upstream patch:
https://developer.blender.org/D11952