Debian Security Advisory
DLA-3060-1 blender -- LTS security update
- Date Reported: 28 Jun 2022
- Affected Packages:
- Security database references: In Mitre's CVE dictionary: CVE-2022-0544, CVE-2022-0545, CVE-2022-0546.
- More information:
Several issues have been found in blender, a very fast and versatile 3D modeller/renderer.
An out-of-bounds heap access due to missing checks in the image loader could result in denial of service, memory corruption or potentially code execution.
An integer overflow while processing 2D images might result in a write-what-where vulnerability or an out-of-bounds read vulnerability which could leak sensitive information or achieve code execution.
Crafted DDS image files could create an integer underflow in the DDS loader which leads to an out-of-bounds read and might leak sensitive information.
For Debian 9 stretch, these problems have been fixed in version 2.79.b+dfsg0-1~deb9u2.
We recommend that you upgrade your blender packages.
For the detailed security status of blender please refer to its security tracker page at: https://security-tracker.debian.org/tracker/blender
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS