Vulnerabilities > Blender

DATE CVE VULNERABILITY TITLE RISK
2018-04-24 CVE-2017-12081 Integer Overflow OR Wraparound vulnerability in multiple products
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c.
6.8
2014-04-27 CVE-2010-5105 Link Following vulnerability in Blender
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file.
local
blender CWE-59
3.3
2009-11-06 CVE-2009-3850 Code Injection vulnerability in Blender
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.
network
blender CWE-94
critical
9.3
2008-11-01 CVE-2008-4863 Unspecified vulnerability in Blender 2.46
Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.
local
blender
6.9
2008-04-28 CVE-2008-1103 Link Following vulnerability in Blender
Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."
local
blender CWE-59
6.9
2008-04-22 CVE-2008-1102 Buffer Errors vulnerability in Blender 2.45
Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.
network
blender CWE-119
6.8
2007-03-03 CVE-2007-1253 Code Injection vulnerability in Blender 2.25/2.36/2.37A
Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.
network
blender CWE-94
critical
9.3
2005-12-22 CVE-2005-4470 Integer Overflow vulnerability in Blender BlenLoader File Processing
Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.
network
low complexity
blender
7.5
2005-10-24 CVE-2005-3302 Unspecified vulnerability in Blender 2.36
Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.
network
low complexity
blender
7.5
2005-10-05 CVE-2005-3151 Buffer Overflow vulnerability in Blender 2.37A
Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument.
network
low complexity
blender
7.5