CVE-2022-2832
CVE-2022-2832 is a high-severity vulnerability in Blender with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-395.
Key facts
- Severity: High (CVSS 3.x base score 7.5)
- EPSS exploit prediction: 1% (70th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-395
- Affected product: Blender
- Published:
- Last modified:
Description
A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.
Frequently asked questions
- What is CVE-2022-2832?
- A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.
- How severe is CVE-2022-2832?
- CVE-2022-2832 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2022-2832 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (70th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-2832?
- CVE-2022-2832 affects Blender. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2022-2832?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2022-2832 published?
- CVE-2022-2832 was published on 2022-08-16 and last updated on 2026-06-17.
References
- https://developer.blender.org/D15463
- https://developer.blender.org/T99706
- https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c
Affected products (1)
- cpe:2.3:a:blender:blender:3.3.0:alpha:*:*:*:*:*:*
More vulnerabilities in Blender
- CVE-2009-3850 — Critical (CVSS 9.3): Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains…
- CVE-2007-1253 — Critical (CVSS 9.3): Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before…
- CVE-2022-0546 — High (CVSS 7.8): A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing…
- CVE-2022-0545 — High (CVSS 7.8): An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an…
- CVE-2017-2918 — High (CVSS 7.8): An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite…
- CVE-2017-2908 — High (CVSS 7.8): An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite…
Other CWE-395 vulnerabilities
- CVE-2025-58142 — Critical (CVSS 9.8): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to…
- CVE-2025-27466 — Critical (CVSS 9.8): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to…
- CVE-2025-15514 — High (CVSS 7.5): Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal…
- CVE-2024-27661 — Medium (CVSS 6.5): D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability…
- CVE-2024-27659 — Medium (CVSS 6.5): D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability…
- CVE-2024-27658 — Medium (CVSS 6.5): D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability…