Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    74 vulnerabilities by blender

    CVE-2026-60103 (GCVE-0-2026-60103)

    Vulnerability from nvd – Published: 2026-07-13 17:44 – Updated: 2026-07-13 17:44 X_Open Source
    VLAI
    Title
    Blender 3.0.0 - 5.1.2 Out-of-Bounds Read via crafted .blend SDNA block
    Summary
    Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short member_index value in the SDNA block. The member_index field is used as an array index into the sdna->members[] array in sdna_expand_names() without bounds validation, allowing any value outside the allocated range to produce an invalid pointer subsequently passed to strlen(), resulting in a SIGSEGV crash or unintended heap memory disclosure.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    blender blender Affected: 3.0.0 , ≤ 5.1.2 (semver)
    Unaffected: 968972a918b5ed2d534295b639c54449d7de11cd (git)
    Create a notification for this product.
    Date Public
    2026-07-09 00:00
    Credits
    Saad ELHARAJ VulnCheck
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "blender",
              "repo": "https://projects.blender.org/blender/blender",
              "vendor": "blender",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.2",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "968972a918b5ed2d534295b639c54449d7de11cd",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Saad ELHARAJ"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "VulnCheck"
            }
          ],
          "datePublic": "2026-07-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short member_index value in the SDNA block. The member_index field is used as an array index into the sdna-\u003emembers[] array in sdna_expand_names() without bounds validation, allowing any value outside the allocated range to produce an invalid pointer subsequently passed to strlen(), resulting in a SIGSEGV crash or unintended heap memory disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T17:44:14.051Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Pull Request",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://projects.blender.org/blender/blender/pulls/161273"
            },
            {
              "name": "Patch Commit",
              "tags": [
                "patch"
              ],
              "url": "https://projects.blender.org/blender/blender/commit/968972a918b5ed2d534295b639c54449d7de11cd"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/blender-out-of-bounds-read-via-crafted-blend-sdna-block"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "Blender 3.0.0 - 5.1.2 Out-of-Bounds Read via crafted .blend SDNA block",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-60103",
        "datePublished": "2026-07-13T17:44:14.051Z",
        "dateReserved": "2026-07-08T13:27:53.030Z",
        "dateUpdated": "2026-07-13T17:44:14.051Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-2833 (GCVE-0-2022-2833)

    Vulnerability from nvd – Published: 2022-08-16 19:24 – Updated: 2024-08-03 00:52
    VLAI
    Summary
    Endless Infinite loop in Blender-thumnailing due to logical bugs.
    Severity
    No CVSS data available.
    CWE
    • Infinite loop
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Blender Affected: Blender 3.3.0 Alpha
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/T99711"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Blender 3.3.0 Alpha"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Endless Infinite loop in Blender-thumnailing due to logical bugs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Infinite loop",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T19:24:35.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/T99711"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-2833",
        "datePublished": "2022-08-16T19:24:35.000Z",
        "dateReserved": "2022-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2832 (GCVE-0-2022-2832)

    Vulnerability from nvd – Published: 2022-08-16 19:26 – Updated: 2024-08-03 00:52
    VLAI
    Summary
    A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Blender Affected: Blender 3.3.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.535Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/T99706"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/D15463"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Blender 3.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-395",
                  "description": "CWE-395",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-01T21:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/T99706"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/D15463"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-2832",
        "datePublished": "2022-08-16T19:26:05.000Z",
        "dateReserved": "2022-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2831 (GCVE-0-2022-2831)

    Vulnerability from nvd – Published: 2022-08-16 19:21 – Updated: 2024-08-03 00:52
    VLAI
    Summary
    A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a Blender Affected: Blender 3.3.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:58.915Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/T99705"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Blender 3.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-01T20:59:49.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/T99705"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-2831",
        "datePublished": "2022-08-16T19:21:14.000Z",
        "dateReserved": "2022-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:58.915Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0546 (GCVE-0-2022-0546)

    Vulnerability from nvd – Published: 2022-02-24 18:27 – Updated: 2024-08-02 23:32
    VLAI
    Summary
    A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://developer.blender.org/T94572 x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.debian.org/debian-lts-announce/2022… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2022/dsa-5176 vendor-advisoryx_refsource_DEBIAN
    Impacted products
    Vendor Product Version
    n/a Blender Affected: Blender 3.x and 2.93.8
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:45.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/T94572"
              },
              {
                "name": "FEDORA-2022-d9d630891d",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIZADV3AHTWZ2YKEFTVLNK3K4F4KTYLM/"
              },
              {
                "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
              },
              {
                "name": "DSA-5176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Blender 3.x and 2.93.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190-\u003eCWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-05T10:06:27.000Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/T94572"
            },
            {
              "name": "FEDORA-2022-d9d630891d",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIZADV3AHTWZ2YKEFTVLNK3K4F4KTYLM/"
            },
            {
              "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
            },
            {
              "name": "DSA-5176",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5176"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "patrick@puiterwijk.org",
              "ID": "CVE-2022-0546",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Blender 3.x and 2.93.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-190-\u003eCWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://developer.blender.org/T94572",
                  "refsource": "MISC",
                  "url": "https://developer.blender.org/T94572"
                },
                {
                  "name": "FEDORA-2022-d9d630891d",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIZADV3AHTWZ2YKEFTVLNK3K4F4KTYLM/"
                },
                {
                  "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
                },
                {
                  "name": "DSA-5176",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5176"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2022-0546",
        "datePublished": "2022-02-24T18:27:17.000Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:45.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0545 (GCVE-0-2022-0545)

    Vulnerability from nvd – Published: 2022-02-24 18:27 – Updated: 2024-08-02 23:32
    VLAI
    Summary
    An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://developer.blender.org/T94629 x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2022… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2022/dsa-5176 vendor-advisoryx_refsource_DEBIAN
    Impacted products
    Vendor Product Version
    n/a Blender Affected: Blender versions prior to 2.83.19, 2.93.8 and 3.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.403Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/T94629"
              },
              {
                "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
              },
              {
                "name": "DSA-5176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Blender versions prior to 2.83.19, 2.93.8 and 3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190-\u003eCWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-05T10:06:12.000Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/T94629"
            },
            {
              "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
            },
            {
              "name": "DSA-5176",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5176"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "patrick@puiterwijk.org",
              "ID": "CVE-2022-0545",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Blender versions prior to 2.83.19, 2.93.8 and 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-190-\u003eCWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://developer.blender.org/T94629",
                  "refsource": "MISC",
                  "url": "https://developer.blender.org/T94629"
                },
                {
                  "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
                },
                {
                  "name": "DSA-5176",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5176"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2022-0545",
        "datePublished": "2022-02-24T18:27:16.000Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0544 (GCVE-0-2022-0544)

    Vulnerability from nvd – Published: 2022-02-24 18:27 – Updated: 2024-08-02 23:32
    VLAI
    Summary
    An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://developer.blender.org/T94661 x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2022… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2022/dsa-5176 vendor-advisoryx_refsource_DEBIAN
    Impacted products
    Vendor Product Version
    n/a Blender Affected: Blender versions prior to 2.83.19, 2.93.8 and 3.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/T94661"
              },
              {
                "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
              },
              {
                "name": "DSA-5176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Blender versions prior to 2.83.19, 2.93.8 and 3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191-\u003eCWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-05T10:06:20.000Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/T94661"
            },
            {
              "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
            },
            {
              "name": "DSA-5176",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5176"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "patrick@puiterwijk.org",
              "ID": "CVE-2022-0544",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Blender versions prior to 2.83.19, 2.93.8 and 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-191-\u003eCWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://developer.blender.org/T94661",
                  "refsource": "MISC",
                  "url": "https://developer.blender.org/T94661"
                },
                {
                  "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
                },
                {
                  "name": "DSA-5176",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5176"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2022-0544",
        "datePublished": "2022-02-24T18:27:15.000Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12105 (GCVE-0-2017-12105)

    Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-16 23:50
    VLAI
    Summary
    An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c (32-bit)
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.263Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c (32-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:03.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-12105",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c (32-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-12105",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:50:58.695Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2904 (GCVE-0-2017-2904)

    Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-16 22:20
    VLAI
    Summary
    An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted \u0027.hdr\u0027 file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:24:34.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-2904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted \u0027.hdr\u0027 file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2904",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:20:57.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12082 (GCVE-0-2017-12082)

    Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-17 00:06
    VLAI
    Summary
    An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.650Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the \u0027CustomData\u0027 Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:19:33.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-12082",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the \u0027CustomData\u0027 Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-12082",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:06:43.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12086 (GCVE-0-2017-12086)

    Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-16 18:59
    VLAI
    Summary
    An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the \u0027BKE_mesh_calc_normals_tessface\u0027 functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:19:38.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-12086",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the \u0027BKE_mesh_calc_normals_tessface\u0027 functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-12086",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:59:05.378Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12104 (GCVE-0-2017-12104)

    Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-16 21:58
    VLAI
    Summary
    An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c (32-bit)
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.422Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c (32-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:00.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-12104",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c (32-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-12104",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:58:26.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12081 (GCVE-0-2017-12081)

    Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-17 03:37
    VLAI
    Summary
    An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.360Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:19:31.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-12081",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-12081",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:37:47.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12102 (GCVE-0-2017-12102)

    Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-16 16:54
    VLAI
    Summary
    An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.418Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:19:57.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-12102",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-12102",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:54:15.396Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2901 (GCVE-0-2017-2901)

    Vulnerability from nvd – Published: 2018-04-24 19:00 – Updated: 2024-09-16 19:00
    VLAI
    Summary
    An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.700Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted \u0027.iris\u0027 file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:24:31.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-2901",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted \u0027.iris\u0027 file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2901",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:00:46.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-60103 (GCVE-0-2026-60103)

    Vulnerability from cvelistv5 – Published: 2026-07-13 17:44 – Updated: 2026-07-13 17:44 X_Open Source
    VLAI
    Title
    Blender 3.0.0 - 5.1.2 Out-of-Bounds Read via crafted .blend SDNA block
    Summary
    Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short member_index value in the SDNA block. The member_index field is used as an array index into the sdna->members[] array in sdna_expand_names() without bounds validation, allowing any value outside the allocated range to produce an invalid pointer subsequently passed to strlen(), resulting in a SIGSEGV crash or unintended heap memory disclosure.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    blender blender Affected: 3.0.0 , ≤ 5.1.2 (semver)
    Unaffected: 968972a918b5ed2d534295b639c54449d7de11cd (git)
    Create a notification for this product.
    Date Public
    2026-07-09 00:00
    Credits
    Saad ELHARAJ VulnCheck
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "blender",
              "repo": "https://projects.blender.org/blender/blender",
              "vendor": "blender",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.2",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "968972a918b5ed2d534295b639c54449d7de11cd",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Saad ELHARAJ"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "VulnCheck"
            }
          ],
          "datePublic": "2026-07-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short member_index value in the SDNA block. The member_index field is used as an array index into the sdna-\u003emembers[] array in sdna_expand_names() without bounds validation, allowing any value outside the allocated range to produce an invalid pointer subsequently passed to strlen(), resulting in a SIGSEGV crash or unintended heap memory disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T17:44:14.051Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Pull Request",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://projects.blender.org/blender/blender/pulls/161273"
            },
            {
              "name": "Patch Commit",
              "tags": [
                "patch"
              ],
              "url": "https://projects.blender.org/blender/blender/commit/968972a918b5ed2d534295b639c54449d7de11cd"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/blender-out-of-bounds-read-via-crafted-blend-sdna-block"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "Blender 3.0.0 - 5.1.2 Out-of-Bounds Read via crafted .blend SDNA block",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-60103",
        "datePublished": "2026-07-13T17:44:14.051Z",
        "dateReserved": "2026-07-08T13:27:53.030Z",
        "dateUpdated": "2026-07-13T17:44:14.051Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-2832 (GCVE-0-2022-2832)

    Vulnerability from cvelistv5 – Published: 2022-08-16 19:26 – Updated: 2024-08-03 00:52
    VLAI
    Summary
    A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Blender Affected: Blender 3.3.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.535Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/T99706"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/D15463"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Blender 3.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-395",
                  "description": "CWE-395",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-01T21:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/T99706"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/D15463"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-2832",
        "datePublished": "2022-08-16T19:26:05.000Z",
        "dateReserved": "2022-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2833 (GCVE-0-2022-2833)

    Vulnerability from cvelistv5 – Published: 2022-08-16 19:24 – Updated: 2024-08-03 00:52
    VLAI
    Summary
    Endless Infinite loop in Blender-thumnailing due to logical bugs.
    Severity
    No CVSS data available.
    CWE
    • Infinite loop
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Blender Affected: Blender 3.3.0 Alpha
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/T99711"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Blender 3.3.0 Alpha"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Endless Infinite loop in Blender-thumnailing due to logical bugs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Infinite loop",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T19:24:35.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/T99711"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-2833",
        "datePublished": "2022-08-16T19:24:35.000Z",
        "dateReserved": "2022-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2831 (GCVE-0-2022-2831)

    Vulnerability from cvelistv5 – Published: 2022-08-16 19:21 – Updated: 2024-08-03 00:52
    VLAI
    Summary
    A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a Blender Affected: Blender 3.3.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:58.915Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/T99705"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Blender 3.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-01T20:59:49.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/T99705"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-2831",
        "datePublished": "2022-08-16T19:21:14.000Z",
        "dateReserved": "2022-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:58.915Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0546 (GCVE-0-2022-0546)

    Vulnerability from cvelistv5 – Published: 2022-02-24 18:27 – Updated: 2024-08-02 23:32
    VLAI
    Summary
    A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://developer.blender.org/T94572 x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.debian.org/debian-lts-announce/2022… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2022/dsa-5176 vendor-advisoryx_refsource_DEBIAN
    Impacted products
    Vendor Product Version
    n/a Blender Affected: Blender 3.x and 2.93.8
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:45.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/T94572"
              },
              {
                "name": "FEDORA-2022-d9d630891d",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIZADV3AHTWZ2YKEFTVLNK3K4F4KTYLM/"
              },
              {
                "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
              },
              {
                "name": "DSA-5176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Blender 3.x and 2.93.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190-\u003eCWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-05T10:06:27.000Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/T94572"
            },
            {
              "name": "FEDORA-2022-d9d630891d",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIZADV3AHTWZ2YKEFTVLNK3K4F4KTYLM/"
            },
            {
              "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
            },
            {
              "name": "DSA-5176",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5176"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "patrick@puiterwijk.org",
              "ID": "CVE-2022-0546",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Blender 3.x and 2.93.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-190-\u003eCWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://developer.blender.org/T94572",
                  "refsource": "MISC",
                  "url": "https://developer.blender.org/T94572"
                },
                {
                  "name": "FEDORA-2022-d9d630891d",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIZADV3AHTWZ2YKEFTVLNK3K4F4KTYLM/"
                },
                {
                  "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
                },
                {
                  "name": "DSA-5176",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5176"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2022-0546",
        "datePublished": "2022-02-24T18:27:17.000Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:45.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0545 (GCVE-0-2022-0545)

    Vulnerability from cvelistv5 – Published: 2022-02-24 18:27 – Updated: 2024-08-02 23:32
    VLAI
    Summary
    An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://developer.blender.org/T94629 x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2022… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2022/dsa-5176 vendor-advisoryx_refsource_DEBIAN
    Impacted products
    Vendor Product Version
    n/a Blender Affected: Blender versions prior to 2.83.19, 2.93.8 and 3.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.403Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/T94629"
              },
              {
                "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
              },
              {
                "name": "DSA-5176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Blender versions prior to 2.83.19, 2.93.8 and 3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190-\u003eCWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-05T10:06:12.000Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/T94629"
            },
            {
              "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
            },
            {
              "name": "DSA-5176",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5176"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "patrick@puiterwijk.org",
              "ID": "CVE-2022-0545",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Blender versions prior to 2.83.19, 2.93.8 and 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-190-\u003eCWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://developer.blender.org/T94629",
                  "refsource": "MISC",
                  "url": "https://developer.blender.org/T94629"
                },
                {
                  "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
                },
                {
                  "name": "DSA-5176",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5176"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2022-0545",
        "datePublished": "2022-02-24T18:27:16.000Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0544 (GCVE-0-2022-0544)

    Vulnerability from cvelistv5 – Published: 2022-02-24 18:27 – Updated: 2024-08-02 23:32
    VLAI
    Summary
    An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://developer.blender.org/T94661 x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2022… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2022/dsa-5176 vendor-advisoryx_refsource_DEBIAN
    Impacted products
    Vendor Product Version
    n/a Blender Affected: Blender versions prior to 2.83.19, 2.93.8 and 3.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://developer.blender.org/T94661"
              },
              {
                "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
              },
              {
                "name": "DSA-5176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Blender versions prior to 2.83.19, 2.93.8 and 3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191-\u003eCWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-05T10:06:20.000Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://developer.blender.org/T94661"
            },
            {
              "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
            },
            {
              "name": "DSA-5176",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5176"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "patrick@puiterwijk.org",
              "ID": "CVE-2022-0544",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Blender versions prior to 2.83.19, 2.93.8 and 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-191-\u003eCWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://developer.blender.org/T94661",
                  "refsource": "MISC",
                  "url": "https://developer.blender.org/T94661"
                },
                {
                  "name": "[debian-lts-announce] 20220628 [SECURITY] [DLA 3060-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html"
                },
                {
                  "name": "DSA-5176",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5176"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2022-0544",
        "datePublished": "2022-02-24T18:27:15.000Z",
        "dateReserved": "2022-02-08T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12105 (GCVE-0-2017-12105)

    Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-16 23:50
    VLAI
    Summary
    An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c (32-bit)
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.263Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c (32-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:03.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-12105",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c (32-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-12105",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:50:58.695Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2904 (GCVE-0-2017-2904)

    Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-16 22:20
    VLAI
    Summary
    An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted \u0027.hdr\u0027 file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:24:34.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-2904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted \u0027.hdr\u0027 file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2904",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:20:57.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12082 (GCVE-0-2017-12082)

    Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-17 00:06
    VLAI
    Summary
    An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.650Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the \u0027CustomData\u0027 Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:19:33.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-12082",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the \u0027CustomData\u0027 Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-12082",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:06:43.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12086 (GCVE-0-2017-12086)

    Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-16 18:59
    VLAI
    Summary
    An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the \u0027BKE_mesh_calc_normals_tessface\u0027 functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:19:38.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-12086",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the \u0027BKE_mesh_calc_normals_tessface\u0027 functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-12086",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:59:05.378Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12104 (GCVE-0-2017-12104)

    Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-16 21:58
    VLAI
    Summary
    An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c (32-bit)
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.422Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c (32-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:20:00.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-12104",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c (32-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-12104",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:58:26.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12081 (GCVE-0-2017-12081)

    Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-17 03:37
    VLAI
    Summary
    An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.360Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:19:31.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-12081",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-12081",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:37:47.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12102 (GCVE-0-2017-12102)

    Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-16 16:54
    VLAI
    Summary
    An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:28:16.418Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:19:57.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-12102",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-12102",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:54:15.396Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2901 (GCVE-0-2017-2901)

    Vulnerability from cvelistv5 – Published: 2018-04-24 19:00 – Updated: 2024-09-16 19:00
    VLAI
    Summary
    An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Blender Blender Affected: v2.78c
    Create a notification for this product.
    Date Public
    2018-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.700Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
              },
              {
                "name": "DSA-4248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Blender",
              "vendor": "Blender",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.78c"
                }
              ]
            }
          ],
          "datePublic": "2018-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted \u0027.iris\u0027 file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:24:31.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
            },
            {
              "name": "DSA-4248",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-01-11T00:00:00",
              "ID": "CVE-2017-2901",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Blender",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v2.78c"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Blender"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted \u0027.iris\u0027 file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
                },
                {
                  "name": "DSA-4248",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4248"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2901",
        "datePublished": "2018-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:00:46.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }