uzairakbar/blender
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| = 3.3.0 | 7.5 HIGH | — | ||
A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption. | ||||
| = 3.3.0 | 7.5 HIGH | — | ||
A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity. | ||||
| = 3.3.0 | 7.5 HIGH | — | ||
Endless Infinite loop in Blender-thumnailing due to logical bugs. | ||||
| >= 3.0, < 3.1, >= 2.90.0, < 2.93.8, < 2.83.19 | 5.5 MEDIUM | 2.6 LOW | ||
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. | ||||
| >= 2.90.0, < 2.93.8, < 2.83.19, >= 3.0.0, < 3.1.0 | 7.8 HIGH | 5.1 MEDIUM | ||
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. | ||||
| = 2.93.8, = 3.0 | 7.8 HIGH | 5.1 MEDIUM | ||
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution. | ||||