Bug ID: 1090836
Summary: VUL-0: Multiple Unpatched Vulnerabilities in Blender Identified
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
URL: https://smash.suse.de/issue/204840/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: kbabioch@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

TALOS-2017-0406 - Blender Sequencer imb_loadtiff Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the .tiff file loading functionality of Blender.
TALOS-2017-0407 - Blender Sequencer imb_loadpng Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the .png file loading functionality of Blender.
TALOS-2017-0408 - Blender Sequencer imb_loadiris Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the .iris file loading functionality of Blender.
TALOS-2017-0409 - Blender Sequencer dpxOpen Buffer Overflow Code Execution Vulnerability
    A buffer overflow vulnerability in the .cin DPX loading functionality of Blender.
TALOS-2017-0410 - Blender Sequencer imb_load_dpx_cineon Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the .cin DPX loading functionality of Blender.
TALOS-2017-0411 - Blender Sequencer imb_loadhdr Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the .hdr RADIANCE loading functionality of Blender.
TALOS-2017-0412 - Blender Sequencer imb_bmp_decode Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the .bmp file loading functionality of Blender.
TALOS-2017-0413 - Blender Sequencer imb_get_anim_type Streams Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the animation playing functionality of .avi files in Blender.
TALOS-2017-0414 - Blender Sequencer avi_format_convert Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the animation playing functionality of .avi files in Blender.
TALOS-2017-0415 - Blender Directory Browsing Thumbnail Viewer Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the directory browser thumbnail viewer functionality of Blender.
TALOS-2017-0425 - Blender BKE_image_acquire_ibuf Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the image loading functionality of Blender.
TALOS-2017-0433 - Blender vcol_to_fcol Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the upgrade functionality of a legacy Mesh attribute within a .blend file.
TALOS-2017-0434 - Blender Object CustomData_external_read Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the way Blender handles the `CustomData` layer from a `Mesh` object within a .blend file.
TALOS-2017-0438 - Blender BKE_mesh_calc_normals_tessface Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the way Blender fixes the normals within a `Mesh` object when loading an older version of a .blend file.
TALOS-2017-0451 - Blender customData_add_layer__internal Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the upgrade functionality for the legacy Mesh attribute `tface`.
TALOS-2017-0452 - Blender multires_load_old_dm base vertex map Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the way Blender handles opening older file versions that contain the `Multires` structure.
TALOS-2017-0453 - Blender modifier_mdef_compact_influences Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the way Blender handles opening older file versions that contain the `bindcos` structure.
TALOS-2017-0454 - Blender BKE_curve_bevelList_make Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the way Blender converts curves to polygons.
TALOS-2017-0455 - Blender BKE_vfont_to_curve_ex Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the way Blender converts text rendered as a font into a curve.
TALOS-2017-0456 - Blender draw_new_particle_system PART_DRAW_AXIS Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the way Blender draws a Particle object.
TALOS-2017-0457 - Blender mesh_calc_modifiers eModifierTypeType_OnlyDeform Integer Overflow Code Execution Vulnerability
    An integer overflow vulnerability in the way Blender applies a particular object modifier to a Mesh.


References:
https://blog.talosintelligence.com/2018/01/unpatched-blender-vulns.html#more