CVE-2022-0545: 
NixOS vulnerability analysis and mitigation

CVE-2022-0545 is a security vulnerability discovered in Blender, affecting versions prior to 2.83.19, 2.93.8, and 3.1. The vulnerability involves an integer overflow in the processing of loaded 2D images, which was disclosed in early 2022 (Blender Issue, Debian Security).

The vulnerability stems from an integer overflow in the IMB_flipy() function located in source/blender/imbuf/intern/rotate.c. The function lacks proper bounds checking after specific operations, which can cause the 'bottomf' pointer to wrap around and point to an address before 'topf'. Through careful manipulation of image dimensions, an attacker can control where 'bottomf' points, enabling malicious data writes from the input image (Blender Issue).

The vulnerability can lead to multiple severe consequences including information leakage of sensitive data and potential code execution in the context of the Blender process. An attacker could potentially overwrite return addresses on the stack or function pointers in known memory locations (Blender Issue, Debian LTS).

The vulnerability has been patched in Blender versions 2.83.19, 2.93.8, and 3.1. Users are advised to upgrade to these or later versions. For Debian systems, fixed versions are available as 2.79.b+dfsg0-7+deb10u1 for Debian 10 (buster) and 2.83.5+dfsg-5+deb11u1 for Debian 11 (bullseye) (Debian Security).