Headline
CVE-2022-2831: rBb1329d7eaa52
A loaded (and valid) image can be crafted such that an out-of-bounds read or write occurs when the image converted to thumbnail that is flipped vertically. Crash occured in source/blender/blendthumb/src/blendthumb_extract.cc
Fix T99705: fix integer overflow in thumbnail extractor
It was smart enough to check if the buffer had the right
size but neglected to cast to a 64 bit value so it
overflowed.
Differential Revision: https://developer.blender.org/D15457
Reviewed By: brecht