What the vulnerability does

01Description

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

Key dates

02Disclosure timeline

February 24, 2022 CVE published
August 2, 2024 Record updated