Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Blender Subscribe
Total 36 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-5105 1 Blender 1 Blender 2023-02-12 3.3 LOW N/A
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.
CVE-2022-2832 1 Blender 1 Blender 2023-02-12 N/A 7.5 HIGH
A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.
CVE-2017-12081 2 Blender, Debian 2 Blender, Debian Linux 2023-02-03 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
CVE-2017-12101 2 Blender, Debian 2 Blender, Debian Linux 2023-02-02 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
CVE-2017-12100 2 Blender, Debian 2 Blender, Debian Linux 2023-02-02 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
CVE-2017-12102 2 Blender, Debian 2 Blender, Debian Linux 2023-02-02 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
CVE-2017-12082 2 Blender, Debian 2 Blender, Debian Linux 2023-02-02 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability.
CVE-2017-12086 2 Blender, Debian 2 Blender, Debian Linux 2023-02-02 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
CVE-2017-12099 2 Blender, Debian 2 Blender, Debian Linux 2023-02-02 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
CVE-2017-12105 2 Blender, Debian 2 Blender, Debian Linux 2023-02-02 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
CVE-2017-12104 2 Blender, Debian 2 Blender, Debian Linux 2023-02-02 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
CVE-2017-12103 2 Blender, Debian 2 Blender, Debian Linux 2023-02-02 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
CVE-2022-0544 2 Blender, Debian 2 Blender, Debian Linux 2023-01-18 2.6 LOW 5.5 MEDIUM
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2022-2831 1 Blender 1 Blender 2022-09-01 N/A 7.5 HIGH
A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.
CVE-2022-2833 1 Blender 1 Blender 2022-08-18 N/A 7.5 HIGH
Endless Infinite loop in Blender-thumnailing due to logical bugs.
CVE-2022-0546 3 Blender, Debian, Fedoraproject 4 Blender, Debian Linux, Extra Packages For Enterprise Linux and 1 more 2022-07-27 5.1 MEDIUM 7.8 HIGH
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
CVE-2022-0545 2 Blender, Debian 2 Blender, Debian Linux 2022-07-25 5.1 MEDIUM 7.8 HIGH
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2017-2906 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.
CVE-2017-2900 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2899 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.