https://bugzilla.redhat.com/show_bug.cgi?id=2052012
Bug ID: 2052012
Summary: blender: Out-of-bounds memory access in IMB_flipy()
due to large image dimensions
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: mcascell(a)redhat.com
CC: design-devel(a)lists.fedoraproject.org,
kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net,
negativo17(a)gmail.com, promac(a)gmail.com
Blocks: 2052005
Target Milestone: ---
Classification: Other
An integer overflow in the processing of loaded 2D images leads to a
write-what-where vulnerability and an out-of-bounds read vulnerability,
allowing an attacker to leak sensitive information or achieve code execution in
the context of the Blender process when a specially crafted image file is
loaded.
Upstream issue:
https://developer.blender.org/T94629
Upstream patch:
https://developer.blender.org/D13744
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2052012