Blender: >> Blender >> 2.37 Security Vulnerabilities
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-02-24
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-02-24
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.
CVSS Score
3.3
EPSS Score
0.001
Published
2014-04-27
Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."
CVSS Score
6.9
EPSS Score
0.001
Published
2008-04-28
Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.
CVSS Score
9.3
EPSS Score
0.026
Published
2007-03-03