CVE-2008-1103 — Link Following in Blender

CWE-59 — Link Following11 documents6 sources

Severity

6.9MEDIUMNVD

NVD3.3

EPSS

0.1%

top 75.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Blender Debian Blender

Timeline

PublishedApr 28

Latest updateMay 17

Description

Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/blender< blender 2.40-1 (bookworm)+1

▶Debianblender/blender< 2.40-1+2

▶NVDblender/blender2.63a

🔴Vulnerability Details

GHSA

GHSA-6645-m42r-vrq8: The undo save quit routine in the kernel in Blender 2↗2022-05-17

▶

GHSA

GHSA-7hh3-qcf7-cr5r: Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues↗2022-05-01

▶

OSV

CVE-2010-5105: The undo save quit routine in the kernel in Blender 2↗2014-04-27

▶

OSV

CVE-2008-1103: Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues↗2008-04-28

▶

📋Vendor Advisories

Debian

CVE-2010-5105: blender - The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allo...↗2010

▶

Debian

CVE-2008-1103: blender - Multiple unspecified vulnerabilities in Blender have unknown impact and attack v...↗2008

▶

Red Hat

Blender insecure temporary file usage↗

▶

💬Community

Bugzilla

CVE-2010-5105 blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine↗2012-09-06

▶

Bugzilla

CVE-2008-1103 Blender insecure temporary file usage↗2008-04-28

▶