Skip to main content

Blender

7 CVEs product

Monthly

CVE-2026-60103 MEDIUM PATCH This Month

Out-of-bounds read in Blender 3.0.0 through 5.1.2 allows an attacker to crash the application or disclose heap memory contents by convincing a user to open a specially crafted .blend file containing a malicious member_index value in the SDNA block. The vulnerability stems from missing bounds validation on a signed short index used directly as an array subscript in sdna_expand_names(), enabling both denial-of-service via SIGSEGV and limited heap memory disclosure. No public exploit code or active exploitation has been identified at time of analysis, but the file-based attack vector makes social engineering a realistic delivery mechanism.

Buffer Overflow Information Disclosure Blender
NVD VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2022-2833 HIGH POC PATCH This Week

Endless Infinite loop in Blender-thumnailing due to logical bugs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Blender
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-2832 HIGH POC PATCH This Week

A flaw was found in Blender 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Blender
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-2831 HIGH POC PATCH This Week

A flaw was found in Blender 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Blender
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-0546 HIGH PATCH This Week

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow RCE Buffer Overflow Blender +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-0545 HIGH PATCH This Week

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Blender Debian Linux
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-0544 MEDIUM This Month

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Information Disclosure Blender Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.1%
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Out-of-bounds read in Blender 3.0.0 through 5.1.2 allows an attacker to crash the application or disclose heap memory contents by convincing a user to open a specially crafted .blend file containing a malicious member_index value in the SDNA block. The vulnerability stems from missing bounds validation on a signed short index used directly as an array subscript in sdna_expand_names(), enabling both denial-of-service via SIGSEGV and limited heap memory disclosure. No public exploit code or active exploitation has been identified at time of analysis, but the file-based attack vector makes social engineering a realistic delivery mechanism.

Buffer Overflow Information Disclosure Blender
NVD VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Endless Infinite loop in Blender-thumnailing due to logical bugs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Blender
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A flaw was found in Blender 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Blender
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A flaw was found in Blender 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Blender
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow RCE +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Information Disclosure +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy