CVE-2007-1253

Blender < 2.43 - Remote Code Execution via Crafted KML/KMZ File Import

Title source: llm
STIX 2.1

Description

Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.

References (11)

Core 11
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24233
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22770
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24991
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32778
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0798
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24232
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200704-19.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/33836
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017714

Scores

EPSS 0.0268
EPSS Percentile 84.0%

Details

CWE
CWE-94
Status published
Products (4)
blender/blender 2.25
blender/blender 2.36
blender/blender 2.37a
blender/blender < 2.42a
Published Mar 03, 2007
Tracked Since Feb 18, 2026