CVE-2022-2831

Name of the Vulnerable Software and Affected Versions Blender version 3.3.0

Description A flaw in the software may cause an integer overflow in the blendthumb extract.cc file, potentially leading to a program crash or memory corruption. Specifically, when a loaded and valid image is crafted to trigger an out-of-bounds read or write when converted to a thumbnail that is flipped vertically, it may cause a crash.

Recommendations For Blender version 3.3.0, consider avoiding the use of the blendthumb extract.cc function until a patch is available, or refrain from converting crafted images to thumbnails to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.