{"id":"CVE-2022-0545","details":"An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.","modified":"2026-05-19T03:47:45.163553Z","published":"2022-02-24T18:27:16Z","related":["openSUSE-SU-2024:11859-1","openSUSE-SU-2025:15755-1","openSUSE-SU-2025:15756-1","openSUSE-SU-2026:10560-1"],"database_specific":{"cwe_ids":["CWE-190"],"unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"last_affected":"Blender versions prior to 2.83.19, 2.93.8 and 3.1"}]}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0545.json","cna_assigner":"fedora"},"references":[{"type":"WEB","url":"https://developer.blender.org/T94629"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0545.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0545"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5176"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/blender/blender","events":[{"introduced":"0"},{"fixed":"86c526d2c733e2c3de0222b87cee14bc925ac308"},{"introduced":"0330d1af29c067cf309e4798f5259e01a8c3c668"},{"fixed":"09da7f489ad951eff5fc42f97a8079fafce12a89"},{"introduced":"f1cca3055776be50f59dd4fb6de3018afb53d52c"},{"fixed":"c77597cd0e15f9d7b6f963593b545cc94950eb8d"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:blender:blender:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.83.19"},{"introduced":"2.90.0"},{"fixed":"2.93.8"},{"introduced":"3.0.0"},{"fixed":"3.1.0"}]}}],"versions":["v2.93.7","v2.93.6","v2.93.5","v2.83.18","v2.93.4","v2.93.3","v2.83.17","v2.93.2","v2.93.1","v2.83.16","v2.93.0","v2.83.15","v2.83.14","v2.83.13","v2.83.12","v2.83.10","v2.83.9","v2.83.8","v2.83.7","v2.83.6.1","v2.83.6","v2.83.5","v2.83.4","v2.83.3","v2.83.2","v2.83.1","v2.83","v2.74-rc1","v2.73-rc1","v2.72-rc1","v2.71-rc1","v2.70-rc","v2.66","v2.63","v2.60","v2.59","v2.58","v2.58a","v2.57b","v2.57a","v2.57","v2.56a","v2.55","v2.48a","v2.48","v2.44","v2.43","v2.42a","v2.42","v2.40","v2.37a","v2.37","v2.35a","v2.35","v2.34","v2.33a","v2.33","v2.32","v2.31a","v2.31","v2.30","v2.28c","v2.28a","v2.28","v2.26","v2.25"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0545.json","vanir_signatures":[{"deprecated":false,"signature_version":"v1","id":"CVE-2022-0545-99b905fa","digest":{"length":979,"function_hash":"161412462493676655162831838872195101415"},"signature_type":"Function","target":{"function":"sculpt_undo_geometry_restore_data","file":"source/blender/editors/sculpt_paint/sculpt_undo.c"},"source":"https://github.com/blender/blender/commit/c77597cd0e15f9d7b6f963593b545cc94950eb8d"},{"deprecated":false,"signature_version":"v1","id":"CVE-2022-0545-9f9ab928","digest":{"threshold":0.9,"line_hashes":["124043090402698535792582219829702258639","291399862714107792492370666230809677084","19780911924126066182472616114708630776","52788336479705262444171463252782941809","180136656472081687867564524359903073902","208647502420360741357835349339771405644","331397288112833657229470003807514440165","205577027148405797478355135906222874377"]},"signature_type":"Line","target":{"file":"source/blender/editors/sculpt_paint/sculpt_undo.c"},"source":"https://github.com/blender/blender/commit/c77597cd0e15f9d7b6f963593b545cc94950eb8d"}],"vanir_signatures_modified":"2026-05-19T03:47:45Z"}}],"schema_version":"1.7.5"}