Vulnerabilities (CVE)

Filtered by vendor Blender Subscribe
Filtered by product Blender
Total 35 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-3302 2 Blender, Debian 2 Blender, Debian Linux 2024-02-14 7.5 HIGH N/A
Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.
CVE-2022-2832 1 Blender 1 Blender 2024-02-04 N/A 7.5 HIGH
A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.
CVE-2022-2831 1 Blender 1 Blender 2024-02-04 N/A 7.5 HIGH
A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.
CVE-2022-2833 1 Blender 1 Blender 2024-02-04 N/A 7.5 HIGH
Endless Infinite loop in Blender-thumnailing due to logical bugs.
CVE-2022-0544 1 Blender 1 Blender 2024-02-04 2.6 LOW 5.5 MEDIUM
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2022-0546 3 Blender, Debian, Fedoraproject 4 Blender, Debian Linux, Extra Packages For Enterprise Linux and 1 more 2024-02-04 5.1 MEDIUM 7.8 HIGH
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
CVE-2017-2902 2 Blender, Debian 2 Blender, Debian Linux 2024-02-04 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2908 2 Blender, Debian 2 Blender, Debian Linux 2024-02-04 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog.
CVE-2017-12103 2 Blender, Debian 2 Blender, Debian Linux 2024-02-04 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
CVE-2017-12104 2 Blender, Debian 2 Blender, Debian Linux 2024-02-04 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
CVE-2017-2906 2 Blender, Debian 2 Blender, Debian Linux 2024-02-04 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.
CVE-2017-2901 2 Blender, Debian 2 Blender, Debian Linux 2024-02-04 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2904 2 Blender, Debian 2 Blender, Debian Linux 2024-02-04 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-12086 2 Blender, Debian 2 Blender, Debian Linux 2024-02-04 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
CVE-2017-12082 2 Blender, Debian 2 Blender, Debian Linux 2024-02-04 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability.
CVE-2017-2903 2 Blender, Debian 2 Blender, Debian Linux 2024-02-04 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2900 2 Blender, Debian 2 Blender, Debian Linux 2024-02-04 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2899 2 Blender, Debian 2 Blender, Debian Linux 2024-02-04 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2905 2 Blender, Debian 2 Blender, Debian Linux 2024-02-04 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-12105 2 Blender, Debian 2 Blender, Debian Linux 2024-02-04 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.