CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2832 – blender: Null pointer reference in blender thumbnail extractor
https://notcve.org/view.php?id=CVE-2022-2832
16 Aug 2022 — A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity. Se ha encontrado un fallo en Blender 3.3.0. Existe una desviación de puntero nulo en source/blender/gpu/opengl/gl_backend.cc que puede conducir a la pérdida de confidencialidad e integridad OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional,... • https://developer.blender.org/D15463 • CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2833
https://notcve.org/view.php?id=CVE-2022-2833
16 Aug 2022 — Endless Infinite loop in Blender-thumnailing due to logical bugs. Un Bucle Infinito en Blender-thumnailing debido a bugs lógicos. • https://developer.blender.org/T99711 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2831
https://notcve.org/view.php?id=CVE-2022-2831
16 Aug 2022 — A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption. Se ha encontrado un fallo en Blender 3.3.0. Un desbordamiento de interger en source/blender/blendthumb/src/blendthumb_extract.cc puede llevar a la caída del programa o a la corrupción de la memoria • https://developer.blender.org/T99705 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-0546 – Gentoo Linux Security Advisory 202403-02
https://notcve.org/view.php?id=CVE-2022-0546
24 Feb 2022 — A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution. Una comprobación de límites ausente en el cargador de imágenes usado en Blender versiones 3.x y 2.93.8, conlleva a un acceso a la pila fuera de límites, permitiendo a un atacante causar una denegación de servicio, corrupción de memoria o potencialmente una ejecución de código Multiple vulnerabilities ha... • https://developer.blender.org/T94572 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-0545 – Gentoo Linux Security Advisory 202403-02
https://notcve.org/view.php?id=CVE-2022-0545
24 Feb 2022 — An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. Un desbordamiento de enteros en el procesamiento de imágenes 2D cargadas conlleva a una vulnerabilidad de escritura y lectura fuera de límit... • https://developer.blender.org/T94629 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-0544 – Gentoo Linux Security Advisory 202403-02
https://notcve.org/view.php?id=CVE-2022-0544
24 Feb 2022 — An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. Un desbordamiento de enteros en el cargador DDS de Blender conlleva a una lectura fuera de límites, permitiendo posiblemente a un atacante leer datos confidenciales usando un archivo de imagen DDS diseñado. Este fallo afecta a Blender versiones anteriores a 2.83.19, 2.93.8 y ... • https://developer.blender.org/T94661 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2017-12081 – Debian Security Advisory 4248-1
https://notcve.org/view.php?id=CVE-2017-12081
24 Apr 2018 — An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. Existe un desbordamiento de enteros explotable en la actualización de un atributo Mesh heredado de l... • https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2017-12082 – Debian Security Advisory 4248-1
https://notcve.org/view.php?id=CVE-2017-12082
24 Apr 2018 — An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability. Existe un desbordamiento de enteros explotable en la funcio... • https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2017-12086 – Debian Security Advisory 4248-1
https://notcve.org/view.php?id=CVE-2017-12086
24 Apr 2018 — An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. Existe un desbordamiento de enteros explotable en la funcionalidad 'BKE_mesh_calc_normals_tessface' de la suite d... • https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2017-12099 – Debian Security Advisory 4248-1
https://notcve.org/view.php?id=CVE-2017-12099
24 Apr 2018 — An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. Existe un desbordamiento de enteros explotable en la actualización del atributo 'tface' de... • https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html • CWE-190: Integer Overflow or Wraparound •