{"id":"MGASA-2024-0088","summary":"Updated curaengine & blender packages fix security vulnerability","details":"stb_image.h v2.27 was discovered to contain an integer overflow via the\nfunction stbi__jpeg_decode_block_prog_dc. This vulnerability allows\nattackers to cause a Denial of Service (DoS) via unspecified vectors.\n(CVE-2022-28041)\n","modified":"2026-02-01T14:27:55.005185Z","published":"2024-03-25T21:37:52Z","related":["CVE-2022-28041"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0088.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30366"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SEQGDVH43YW7AG7TRU2CTU5TMIYP27WP/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OHTD76NDEN77KCPI3XGGK2VVSA25WWEG/"},{"type":"REPORT","url":"https://www.blender.org/download/lts/3-3/"}],"affected":[{"package":{"name":"curaengine","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/curaengine?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.12.1-3.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0088.json"}},{"package":{"name":"blender","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/blender?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.16-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0088.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}