Blender: Security Vulnerabilities, CVEs (Code Execution)
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.
Max CVSS: 9.3 | EPSS Score: 4.06% | Published: 2009-11-06 | Updated: 2018-10-10
Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.
Max CVSS: 6.9 | EPSS Score: 0.09% | Published: 2008-11-01 | Updated: 2010-04-15
Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.
Max CVSS: 6.8 | EPSS Score: 28.86% | Published: 2008-04-22 | Updated: 2017-08-08
Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.
Max CVSS: 7.5 | EPSS Score: 2.24% | Published: 2005-12-22 | Updated: 2018-10-19
Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2005-10-05 | Updated: 2008-09-05
5 vulnerabilities found