Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-2832: ⚓ T99706 Null pointer Reference in blender_headless

When rendering with headless builds, show an error instead of crashing. Previously GPU_backend_init was called indirectly from DRW_opengl_context_create, a new function is now called from the window manager (GPU_backend_init_once), so it’s possible to check if the GPU has a back-end. This also disables the bgl Python module when building WITH_HEADLESS.

CVE
#google#ubuntu

System Information
Operating system: Ubuntu 20.04.4 LTS
Graphics card: 2b:00.0 VGA compatible controller: NVIDIA Corporation TU116 [GeForce GTX 1650 SUPER] (rev a1)

Blender Version
Broken: Blender 3.3.0 Alpha branch : master, commit 3b15467e97abf473d4d25c7382999115d3169a57 Date: Thu Jul 14 16:33:21 2022 +0200

Worked: -

Short description of error
when use blender-headless that include blender
return Null ptr in option -a added

Exact steps for others to reproduce the error

  1. build blender using

  2. ./blender -b [blend file path] -s 1 -e 25 -a ./blender -b [blend file path] -a

both can reproduce null ptr reference. I think its caused by “a” options

POC video below
https://youtu.be/_ys1VEdZ3Co

POC blend file below
the blend file is regulare and produced by blender(UI) that just basic square that app basically served

both is same
https://drive.google.com/file/d/1VLDLbVASAhKm8_x8UoX-ljIspAwmaBLm/view?usp=sharing

Note
Maybe this bug occured in

source/blender/gpu/opengl/gl_backend.cc``` that include void GPBackend::platform_init()

Related news

Red Hat Security Advisory 2022-7058-01

Red Hat Security Advisory 2022-7058-01 - OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. Issues addressed include a null pointer vulnerability.

RHSA-2022:7058: Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update

OpenShift sandboxed containers 1.3.1 is now available.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2832: blender: Null pointer reference in blender thumbnail extractor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907