Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Blender Subscribe
Filtered by product Blender
Total 35 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-2905 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2904 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2903 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2902 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2901 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2907 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.
CVE-2017-2908 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog.
CVE-2017-2918 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
CVE-2009-3850 1 Blender 1 Blender 2018-10-10 9.3 HIGH N/A
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.
CVE-2008-1102 1 Blender 1 Blender 2017-08-07 6.8 MEDIUM N/A
Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.
CVE-2008-1103 1 Blender 1 Blender 2017-08-07 6.9 MEDIUM N/A
Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."
CVE-2007-1253 1 Blender 1 Blender 2017-07-28 9.3 HIGH N/A
Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.
CVE-2008-4863 1 Blender 1 Blender 2010-04-14 6.9 MEDIUM N/A
Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.
CVE-2005-3302 1 Blender 1 Blender 2008-09-05 7.5 HIGH N/A
Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.
CVE-2005-3151 1 Blender 1 Blender 2008-09-05 7.5 HIGH N/A
Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument.