CVE-2022-0544: 
NixOS vulnerability analysis and mitigation

CVE-2022-0544 is a security vulnerability discovered in Blender's DDS (DirectDraw Surface) image loader. The vulnerability was identified on January 5, 2022, and affects Blender versions prior to 2.83.19, 2.93.8, and 3.1. The flaw involves an integer underflow condition in the DDS loader component that can lead to an out-of-bounds read vulnerability (Blender Bug).

The vulnerability stems from an integer underflow in the DDS loader at source/blender/imbuf/intern/dds/DirectDrawSurface.cpp:1117. The size calculation assumes the total stream size is larger than the DDS header (128 Bytes). When processing a file with a valid header but a file size smaller than 128 bytes, the uint size underflows to 0xffffffff. This large size bypasses the bounds check in mem_read() at source/blender/imbuf/intern/dds/Stream.cpp:87 due to another integer overflow (Blender Bug). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD).

The out-of-bounds read vulnerability could potentially allow an attacker to read sensitive data from memory. This could be used to bypass security mechanisms such as stack cookies or pointer encryption. The vulnerability is triggered when processing specially crafted DDS image files (Blender Bug).

The vulnerability has been fixed in Blender versions 2.83.19, 2.93.8, and 3.1. Users are advised to upgrade to these or later versions. For Debian systems, fixes have been released in version 2.79.b+dfsg0-1~deb9u2 for Debian 9 (stretch), version 2.79.b+dfsg0-7+deb10u1 for Debian 10 (buster), and version 2.83.5+dfsg-5+deb11u1 for Debian 11 (bullseye) (Debian Security).