The vulnerability of the software used to create 3D computer graphics in Blender relates to integer overflow during the processing of .blend files. This allows an attacker to execute code within the application context.

The vulnerability of Blender’s software for creating three-dimensional computer graphics is related to errors during the conversion of curves into polygons, which can lead to integer overflow. Exploiting this vulnerability allows an attacker to execute code within the application using a speciall...

UBUNTU-CVE-2017-2918

An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An...

PT-2018-3112 · Blender +1 · Blender +1

Name of the Vulnerable Software and Affected Versions: Blender version 2.78c Description: An integer overflow exists in the way Blender converts text rendered as a font into a curve, allowing for a buffer overflow that can enable code execution under the context of the application. This can be...

PT-2018-3110 · Blender +1 · Blender +1

Name of the Vulnerable Software and Affected Versions: Blender version 2.78c Description: An integer overflow exists in the 'multires load old dm' functionality, allowing a buffer overflow that can enable code execution under the context of the application. This can be triggered by a specially...

Fedora 14 : blender-2.49b-14.fc14 (2011-8474)

Fix CVS-2009-3850. This issue allow the execution of embedded python code in .blend files Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

Ubuntu 5.10 : blender vulnerability (USN-238-2)

Damian Put discovered that Blender did not properly validate a 'length' value in .blend files. Negative values led to an insufficiently sized memory allocation. By tricking a user into opening a specially crafted .blend file, this could be exploited to execute arbitrary code with the privileges o...

GLSA-200601-08 : Blender: Heap-based buffer overflow

The remote host is affected by the vulnerability described in GLSA-200601-08 Blender: Heap-based buffer overflow Damian Put has reported a flaw due to an integer overflow in the 'getbhead' function, leading to a heap overflow when processing malformed '.blend' files. Impact : A remote attacker...

USN-238-2: Blender vulnerability

Damian Put discovered that Blender did not properly validate a 'length' value in .blend files. Negative values led to an insufficiently sized memory allocation. By tricking a user into opening a specially crafted .blend file, this could be exploited to execute arbitrary code with the privileges o...