Filtered by vendor Blender
Subscriptions
Total
36 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-12102 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | ||||
CVE-2017-12101 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | ||||
CVE-2017-12100 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | ||||
CVE-2017-12099 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | ||||
CVE-2017-12086 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | ||||
CVE-2017-12082 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability. | ||||
CVE-2017-12081 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | ||||
CVE-2010-5105 | 1 Blender | 1 Blender | 2024-11-21 | N/A |
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103. | ||||
CVE-2009-3850 | 1 Blender | 1 Blender | 2024-11-21 | N/A |
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA. | ||||
CVE-2008-4863 | 1 Blender | 1 Blender | 2024-11-21 | N/A |
Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. | ||||
CVE-2008-1103 | 1 Blender | 1 Blender | 2024-11-21 | N/A |
Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues." | ||||
CVE-2008-1102 | 1 Blender | 1 Blender | 2024-11-21 | N/A |
Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image. | ||||
CVE-2007-1253 | 1 Blender | 1 Blender | 2024-11-21 | N/A |
Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file. | ||||
CVE-2005-4470 | 1 Blender | 1 Blenloader | 2024-11-21 | N/A |
Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow. | ||||
CVE-2005-3302 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | N/A |
Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. | ||||
CVE-2005-3151 | 1 Blender | 1 Blender | 2024-11-21 | N/A |
Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument. |