CVE-2022-2831 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Blender	Blender	3.3.0

Related Weaknesses (CWE)

CWE-787 CWE-190 CWE-125

References

https://developer.blender.org/T99705ExploitPatchVendor Advisory
https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2PatchVendor Advisory
https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535PatchVendor Advisory
https://developer.blender.org/T99705ExploitPatchVendor Advisory
https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2PatchVendor Advisory
https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535PatchVendor Advisory

FAQ

What is CVE-2022-2831?

CVE-2022-2831 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.

How severe is CVE-2022-2831?

CVE-2022-2831 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-2831?

Check the references section above for vendor advisories and patch information. Affected products include: Blender Blender.