Bug ID | 1090836 |
---|---|
Summary | VUL-0: Multiple Unpatched Vulnerabilities in Blender Identified |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.3 |
Hardware | Other |
URL | https://smash.suse.de/issue/204840/ |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | kbabioch@suse.com |
QA Contact | security-team@suse.de |
Found By | Security Response Team |
Blocker | --- |
TALOS-2017-0406 - Blender Sequencer imb_loadtiff Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the .tiff file loading functionality of Blender. TALOS-2017-0407 - Blender Sequencer imb_loadpng Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the .png file loading functionality of Blender. TALOS-2017-0408 - Blender Sequencer imb_loadiris Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the .iris file loading functionality of Blender. TALOS-2017-0409 - Blender Sequencer dpxOpen Buffer Overflow Code Execution Vulnerability An buffer overflow vulnerability in the .cin DPX loading functionality of Blender. TALOS-2017-0410 - Blender Sequencer imb_load_dpx_cineon Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the .cin DPX loading functionality of Blender. TALOS-2017-0411 - Blender Sequencer imb_loadhdr Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the .hdr RADIANCE loading functionality of Blender. TALOS-2017-0412 - Blender Sequencer imb_bmp_decode Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the .bmp file loading functionality of Blender. TALOS-2017-0413 - Blender Sequencer imb_get_anim_type Streams Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the animation playing functionality of .avi files in Blender. TALOS-2017-0414 - Blender Sequencer avi_format_convert Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the animation playing functionality of .avi files in Blender. TALOS-2017-0415 - Blender Directory Browsing Thumbnail Viewer Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the directory browser thumbnail viewer functionality of Blender. TALOS-2017-0425 - Blender BKE_image_acquire_ibuf Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the image loading functionality of Blender. TALOS-2017-0433 - Blender vcol_to_fcol Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the upgrade functionality of a legacy Mesh attribute within a .blend file. TALOS-2017-0434 - Blender Object CustomData_external_read Integer Overflow Code Execution Vulnerability. An integer overflow vulnerability in the way Blender handles the `CustomData` layer from a `Mesh` object within .blend file. TALOS-2017-0438 - Blender BKE_mesh_calc_normals_tessface Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the way Blender fixes the normals within a `Mesh` object when loading an older version of a .blend file. TALOS-2017-0451 - Blender customData_add_layer__internal Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the upgrade functionality for the legacy Mesh attribute `tface`. TALOS-2017-0452 - Blender multires_load_old_dm base vertex map Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the way Blender handles opening older file versions contains the `Multires` structure. TALOS-2017-0453 - Blender modifier_mdef_compact_influences Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the way Blender handles opening older file versions contains the `bindcos` structure. TALOS-2017-0454 - Blender BKE_curve_bevelList_make Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the way Blender converts curves to polygons. TALOS-2017-0455 - Blender BKE_vfont_to_curve_ex Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the way Blender converts text rendered as a font into a curve. TALOS-2017-0456 - Blender draw_new_particle_system PART_DRAW_AXIS Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the way Blender draws a Particle object. TALOS-2017-0457 - Blender mesh_calc_modifiers eModifierTypeType_OnlyDeform Integer Overflow Code Execution Vulnerability An integer overflow vulnerability in the way Blender applies a particular object modifier to a Mesh. References: https://blog.talosintelligence.com/2018/01/unpatched-blender-vulns.html#more