Information on source package blender

Available versions

ReleaseVersion
jessie2.72.b+dfsg0-3+deb8u1
stretch2.79.b+dfsg0-1~deb9u2
buster2.79.b+dfsg0-7+deb10u1
bullseye2.83.5+dfsg-5+deb11u1
bookworm3.4.1+dfsg-2
sid4.3.0+dfsg-1

Open issues

BugjessiestretchbusterbullseyebookwormsidDescription
CVE-2022-2831vulnerablefixedfixedvulnerable (no DSA)fixedfixedA flaw was found in Blender 3.3.0. An interger overflow in source/blen ...
CVE-2022-0546vulnerablefixedfixedfixedfixedfixedA missing bounds check in the image loader used in Blender 3.x and 2.9 ...
CVE-2022-0545vulnerablefixedfixedfixedfixedfixedAn integer overflow in the processing of loaded 2D images leads to a w ...
CVE-2022-0544vulnerablefixedfixedfixedfixedfixedAn integer underflow in the DDS loader of Blender leads to an out-of-b ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormsidDescription
CVE-2022-2833vulnerablevulnerablevulnerablevulnerablefixedfixedEndless Infinite loop in Blender-thumnailing due to logical bugs.
CVE-2022-2832vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableA flaw was found in Blender 3.3.0. A null pointer dereference exists i ...
CVE-2010-5105vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableThe undo save quit routine in the kernel in Blender 2.5, 2.63a, and ea ...
CVE-2009-3850vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableBlender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execut ...
CVE-2005-3151vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableBuffer overflow in blenderplay in Blender Player 2.37a allows attacker ...

Resolved issues

BugDescription
CVE-2017-12105An exploitable integer overflow exists in the way that the Blender ope ...
CVE-2017-12104An exploitable integer overflow exists in the way that the Blender ope ...
CVE-2017-12103An exploitable integer overflow exists in the way that the Blender ope ...
CVE-2017-12102An exploitable integer overflow exists in the way that the Blender ope ...
CVE-2017-12101An exploitable integer overflow exists in the 'modifier_mdef_compact_i ...
CVE-2017-12100An exploitable integer overflow exists in the 'multires_load_old_dm' f ...
CVE-2017-12099An exploitable integer overflow exists in the upgrade of the legacy Me ...
CVE-2017-12086An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_t ...
CVE-2017-12082An exploitable integer overflow exists in the 'CustomData' Mesh loadin ...
CVE-2017-12081An exploitable integer overflow exists in the upgrade of a legacy Mesh ...
CVE-2017-2918An exploitable integer overflow exists in the Image loading functional ...
CVE-2017-2908An exploitable integer overflow exists in the thumbnail functionality ...
CVE-2017-2907An exploitable integer overflow exists in the animation playing functi ...
CVE-2017-2906An exploitable integer overflow exists in the animation playing functi ...
CVE-2017-2905An exploitable integer overflow exists in the bmp loading functionalit ...
CVE-2017-2904An exploitable integer overflow exists in the RADIANCE loading functio ...
CVE-2017-2903An exploitable integer overflow exists in the DPX loading functionalit ...
CVE-2017-2902An exploitable integer overflow exists in the DPX loading functionalit ...
CVE-2017-2901An exploitable integer overflow exists in the IRIS loading functionali ...
CVE-2017-2900An exploitable integer overflow exists in the PNG loading functionalit ...
CVE-2017-2899An exploitable integer overflow exists in the TIFF loading functionali ...
CVE-2008-4863Untrusted search path vulnerability in BPY_interface in Blender 2.46 a ...
CVE-2008-1103Multiple unspecified vulnerabilities in Blender have unknown impact an ...
CVE-2008-1102Stack-based buffer overflow in the imb_loadhdr function in Blender 2.4 ...
CVE-2007-1253Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script f ...
CVE-2005-4470Heap-based buffer overflow in the get_bhead function in readfile.c in ...
CVE-2005-3302Eval injection vulnerability in bvh_import.py in Blender 2.36 allows a ...

Security announcements

DSA / DLADescription
DSA-5176-1blender - security update
DLA-3060-1blender - security update
DLA-1465-1blender - security update
DSA-4248-1blender - security update
DSA-1567-1blender - arbitrary code execution
DSA-1039-1blender - several

Search for package or bug name: Reporting problems