http://bugzilla.opensuse.org/show_bug.cgi?id=1090836

Bug ID: 1090836
Summary: VUL-0: Multiple Unpatched Vulnerabilities in Blender Identified
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
URL: https://smash.suse.de/issue/204840/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: kbabioch@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

TALOS-2017-0406 - Blender Sequencer imb_loadtiff Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the .tiff file loading functionality of Blender.

TALOS-2017-0407 - Blender Sequencer imb_loadpng Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the .png file loading functionality of Blender.

TALOS-2017-0408 - Blender Sequencer imb_loadiris Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the .iris file loading functionality of Blender.

TALOS-2017-0409 - Blender Sequencer dpxOpen Buffer Overflow Code Execution Vulnerability
A buffer overflow vulnerability in the .cin DPX loading functionality of Blender.

TALOS-2017-0410 - Blender Sequencer imb_load_dpx_cineon Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the .cin DPX loading functionality of Blender.

TALOS-2017-0411 - Blender Sequencer imb_loadhdr Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the .hdr RADIANCE loading functionality of Blender.

TALOS-2017-0412 - Blender Sequencer imb_bmp_decode Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the .bmp file loading functionality of Blender.

TALOS-2017-0413 - Blender Sequencer imb_get_anim_type Streams Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the animation playing functionality of .avi files in Blender.

TALOS-2017-0414 - Blender Sequencer avi_format_convert Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the animation playing functionality of .avi files in Blender.

TALOS-2017-0415 - Blender Directory Browsing Thumbnail Viewer Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the directory browser thumbnail viewer functionality of Blender.

TALOS-2017-0425 - Blender BKE_image_acquire_ibuf Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the image loading functionality of Blender.

TALOS-2017-0433 - Blender vcol_to_fcol Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the upgrade functionality of a legacy Mesh attribute within a .blend file.

TALOS-2017-0434 - Blender Object CustomData_external_read Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the way Blender handles the `CustomData` layer from a `Mesh` object within a .blend file.

TALOS-2017-0438 - Blender BKE_mesh_calc_normals_tessface Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the way Blender fixes the normals within a `Mesh` object when loading an older version of a .blend file.

TALOS-2017-0451 - Blender customData_add_layer__internal Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the upgrade functionality for the legacy Mesh attribute `tface`.

TALOS-2017-0452 - Blender multires_load_old_dm base vertex map Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the way Blender handles opening older file versions containing the `Multires` structure.

TALOS-2017-0453 - Blender modifier_mdef_compact_influences Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the way Blender handles opening older file versions containing the `bindcos` structure.

TALOS-2017-0454 - Blender BKE_curve_bevelList_make Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the way Blender converts curves to polygons.

TALOS-2017-0455 - Blender BKE_vfont_to_curve_ex Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the way Blender converts text rendered as a font into a curve.

TALOS-2017-0456 - Blender draw_new_particle_system PART_DRAW_AXIS Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the way Blender draws a Particle object.

TALOS-2017-0457 - Blender mesh_calc_modifiers eModifierTypeType_OnlyDeform Integer Overflow Code Execution Vulnerability
An integer overflow vulnerability in the way Blender applies a particular object modifier to a Mesh.

References:
https://blog.talosintelligence.com/2018/01/unpatched-blender-vulns.html#more