CVSS: 6.8EPSS: 29%CPEs: 1EXPL: 0CVE-2008-1102
https://notcve.org/view.php?id=CVE-2008-1102
Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image. Desbordamiento de búfer basado en pila en la función imb_loadhdr de Blender 2.45 permite a atacantes remotos asistidos por el usuario ejecutar código de su elección a través de un fichero .blend que contiene imágenes Radiance RGBE manipuladas. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://secunia.com/advisories/29818 http://secunia.com/advisories/29957 http://secunia.com/advisories/30097 http://secunia.com/advisories/30151 http://secunia.com/advisories/30272 http://secunia.com/secunia_research/2008-16/advisory http://www.debian.org/security/2008/dsa-1567 http://www.gentoo.org/security/en/glsa/glsa-200805-12.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:204 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 4EXPL: 0CVE-2007-1253
https://notcve.org/view.php?id=CVE-2007-1253
Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file. Vulnerabilidad de inyección de evaluación en el (a) Script para Blender 0.1.9h kmz_ImportWithMesh.py tal y como se usa en (b) Blender versiones anteriores a 2.43, permite a usuarios remotos con la ayuda del usuario ejecutar código Pyton de su elección importando un fichero manipulado (1) KML ó (2) KMZ. • http://osvdb.org/33836 http://secunia.com/advisories/24232 http://secunia.com/advisories/24233 http://secunia.com/advisories/24991 http://secunia.com/secunia_research/2007-39/advisory http://secunia.com/secunia_research/2007-40/advisory http://security.gentoo.org/glsa/glsa-200704-19.xml http://www.securityfocus.com/bid/22770 http://www.securitytracker.com/id?1017714 http://www.vupen.com/english/advisories/2007/0798 https://exchange.xforce.ibmcloud.com/vulnerabilities/32778 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2005-3302 – Blender 2.36 - '.BVF' File Import Python Code Execution
https://notcve.org/view.php?id=CVE-2005-3302
Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. • https://www.exploit-db.com/exploits/27728 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330895 http://secunia.com/advisories/19754 http://www.debian.org/security/2006/dsa-1039 http://www.securityfocus.com/bid/17663 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2005-3151
https://notcve.org/view.php?id=CVE-2005-3151
Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument. • http://secunia.com/advisories/17013 http://www.securiteam.com/exploits/5BP0T2KGVA.html http://www.securityfocus.com/bid/14983 •