CVE-2008-4863 — Blender vulnerability

7 documents7 sources

Severity

6.9MEDIUMNVD

EPSS

0.2%

top 59.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Blender Debian Blender

Timeline

PublishedNov 1

Latest updateMay 17

Description

Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/blender< blender 2.46+dfsg-5 (bookworm)

▶Debianblender/blender< 2.46+dfsg-5+2

▶NVDblender/blender2.46

🔴Vulnerability Details

GHSA

GHSA-9j9h-289m-795w: Untrusted search path vulnerability in BPY_interface in Blender 2↗2022-05-17

▶

OSV

CVE-2008-4863: Untrusted search path vulnerability in BPY_interface in Blender 2↗2008-11-01

▶

📋Vendor Advisories

Ubuntu

Blender vulnerabilities↗2008-12-22

▶

Debian

CVE-2008-4863: blender - Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows loca...↗2008

▶

Red Hat

blender: untrusted python modules search path↗

▶

💬Community

Bugzilla

CVE-2008-4863 blender: untrusted python modules search path↗2008-11-03

▶