Blender
By the Year
In 2024 there have been 0 vulnerabilities in Blender . Blender did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 6 | 7.27 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 21 | 7.80 |
It may take a day or so for new Blender vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Blender Security Vulnerabilities
A flaw was found in Blender 3.3.0
CVE-2022-2831
7.5 - High
- August 16, 2022
A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.
Out-of-bounds Read
A flaw was found in Blender 3.3.0
CVE-2022-2832
7.5 - High
- August 16, 2022
A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.
Use of NullPointerException Catch to Detect NULL Pointer Dereference
Endless Infinite loop in Blender-thumnailing due to logical bugs.
CVE-2022-2833
7.5 - High
- August 16, 2022
Endless Infinite loop in Blender-thumnailing due to logical bugs.
Infinite Loop
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability
CVE-2022-0545
7.8 - High
- February 24, 2022
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
Integer Overflow or Wraparound
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly
CVE-2022-0544
5.5 - Medium
- February 24, 2022
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
Integer underflow
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access
CVE-2022-0546
7.8 - High
- February 24, 2022
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the way
CVE-2017-12105
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c
CVE-2017-12081
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite
CVE-2017-12082
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite
CVE-2017-12086
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c
CVE-2017-12099
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c
CVE-2017-12100
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c
CVE-2017-12101
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons
CVE-2017-12102
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the way
CVE-2017-12103
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object
CVE-2017-12104
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c
CVE-2017-2899
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c
CVE-2017-2900
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c
CVE-2017-2901
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c
CVE-2017-2902
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c
CVE-2017-2903
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c
CVE-2017-2904
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c
CVE-2017-2905
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c
CVE-2017-2906
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c
CVE-2017-2907
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c
CVE-2017-2908
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog.
Integer Overflow or Wraparound
An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c
CVE-2017-2918
7.8 - High
- April 24, 2018
An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
Integer Overflow or Wraparound
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier
CVE-2010-5105
- April 27, 2014
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.
insecure temporary file
Eval injection vulnerability in bvh_import.py in Blender 2.36
CVE-2005-3302
- October 24, 2005
Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.
Code Injection
