VYPR

Vendor CVEs

Blender

All CVEs

36 total · sorted by risk
  • CVE-2017-2918HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.03

    An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the…

  • CVE-2017-2908HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of…

  • CVE-2017-2907HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the…

  • CVE-2017-2906HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the…

  • CVE-2017-2905HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context…

  • CVE-2017-2904HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the…

  • CVE-2017-2903HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context…

  • CVE-2017-2902HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context…

  • CVE-2017-2901HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context…

  • CVE-2017-2900HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context…

  • CVE-2017-2899HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context…

  • CVE-2017-12105HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution…

  • CVE-2017-12104HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of…

  • CVE-2017-12103HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution…

  • CVE-2017-12102HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context…

  • CVE-2017-12101HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution…

  • CVE-2017-12100HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the…

  • CVE-2017-12099HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under…

  • CVE-2017-12086HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the…

  • CVE-2017-12082HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code…

  • CVE-2017-12081HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context…

  • CVE-2005-3302HigOct 24, 2005
    risk 0.51cvss 7.3epss 0.04

    Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.

  • CVE-2009-3850Nov 6, 2009
    risk 0.04cvss epss 0.09

    Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.

  • CVE-2022-2832Aug 16, 2022
    risk 0.00cvss epss 0.01

    A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.

  • CVE-2022-2833Aug 16, 2022
    risk 0.00cvss epss 0.01

    Endless Infinite loop in Blender-thumnailing due to logical bugs.

  • CVE-2022-2831Aug 16, 2022
    risk 0.00cvss epss 0.01

    A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.

  • CVE-2022-0546Feb 24, 2022
    risk 0.00cvss epss 0.01

    A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

  • CVE-2022-0545Feb 24, 2022
    risk 0.00cvss epss 0.01

    An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially…

  • CVE-2022-0544Feb 24, 2022
    risk 0.00cvss epss 0.01

    An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

  • CVE-2010-5105Apr 27, 2014
    risk 0.00cvss epss 0.00

    The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.

  • CVE-2008-4863Nov 1, 2008
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.

  • CVE-2008-1103Apr 28, 2008
    risk 0.00cvss epss 0.00

    Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."

  • CVE-2008-1102Apr 22, 2008
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.

  • CVE-2007-1253Mar 3, 2007
    risk 0.00cvss epss 0.03

    Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.

  • CVE-2005-4470Dec 22, 2005
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which…

  • CVE-2005-3151Oct 5, 2005
    risk 0.00cvss epss 0.03

    Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument.