Blender: >> Blender >> 2.78c Security Vulnerabilities
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.008
Published
2018-04-24
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.008
Published
2018-04-24
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.008
Published
2018-04-24
Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."
CVSS Score
6.9
EPSS Score
0.001
Published
2008-04-28
Page 3