Blender
by Blender
Source repositories
CVEs (29)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-2901 | 0.00 | — | 0.01 | Apr 24, 2018 | An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||
| CVE-2017-2906 | 0.00 | — | 0.01 | Apr 24, 2018 | An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. | ||
| CVE-2017-2904 | 0.00 | — | 0.01 | Apr 24, 2018 | An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||
| CVE-2010-5105 | 0.00 | — | 0.00 | Apr 27, 2014 | The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103. | ||
| CVE-2008-4863 | 0.00 | — | 0.00 | Nov 1, 2008 | Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. | ||
| CVE-2008-1103 | 0.00 | — | 0.00 | Apr 28, 2008 | Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues." | ||
| CVE-2008-1102 | 0.00 | — | 0.05 | Apr 22, 2008 | Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image. | ||
| CVE-2007-1253 | 0.00 | — | 0.03 | Mar 3, 2007 | Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file. | ||
| CVE-2005-3151 | 0.00 | — | 0.01 | Oct 5, 2005 | Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument. |
Page 2 of 2