CVE-2010-5105: Link Following in Blender

CWE-59: Link Following | 5 documents | 5 sources
Severity: 3.3 LOW (NVD), 6.9 (OSV)
EPSS: 0.0% (top 87.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 27
Latest update: May 17

Description

The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.

CVSS vector

AV:L/AC:M/C:N/I:P/A:P
Exploitability: 3.4 | Impact: 4.9

Affected Packages (2 packages)

NVD: blender/blender 2.63a

🔴 Vulnerability Details (2)

GHSA: GHSA-6645-m42r-vrq8: The undo save quit routine in the kernel in Blender 2 (2022-05-17)
OSV: CVE-2010-5105: The undo save quit routine in the kernel in Blender 2 (2014-04-27)

📋 Vendor Advisories (1)

Debian: CVE-2010-5105: blender - The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allo... (2010)

💬 Community (1)

Bugzilla: CVE-2010-5105 blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (2012-09-06)
CVE-2010-5105 — Link Following in Blender | cvebase