EUVD-2009-3821

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Blender versions 2.34, 2.35a, 2.40, and 2.49b allow remote code execution via malicious .blend files.

Reporter	Title	Published	Views	Family All 34
0day.today	Blender 2.34, 2.35a, 2.4, 2.49b .blend File Command Injection	5 Nov 200900:00	–	zdt
Circl	CVE-2009-3850	5 Nov 200900:00	–	circl
Core Security	Blender .blend Project Arbitrary Command Execution	5 Nov 200900:00	–	coresecurity
CVE	CVE-2009-3850	6 Nov 200915:00	–	cve
Cvelist	CVE-2009-3850	6 Nov 200915:00	–	cvelist
Debian CVE	CVE-2009-3850	6 Nov 200915:00	–	debiancve
Exploit DB	Blender 2.34/2.35a/2.4/2.49b - '.blend' Command Injection	5 Nov 200900:00	–	exploitdb
exploitpack	Blender 2.342.35a2.42.49b - .blend Command Injection	5 Nov 200900:00	–	exploitpack
Fedora	[SECURITY] Fedora 14 Update: blender-2.49b-14.fc14	12 Jul 201122:02	–	fedora
Fedora	[SECURITY] Fedora 15 Update: blender-2.49b-16.fc15	12 Jul 201121:57	–	fedora

[
  {
    "enisaIdVendor": [
      {
        "id": "ab3b90fa-d2e3-3e77-a138-edec3c42ebad",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "66759213-fdb3-33bb-a686-ee4a005cc558",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
suse	www.suse.com/security/cve/CVE-2009-3850.html
packetstormsecurity	www.packetstormsecurity.com/files/cve/CVE-2009-3850
securityfocus	www.securityfocus.com/bid/36838
securityfocus	www.securityfocus.com/archive/1/507706/100/0/threaded
coresecurity	www.coresecurity.com/content/blender-scripting-injection
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6Medium risk

Vulners AI Score6

CVSS 29.3

EPSS0.09439