CVE-2007-1253
Blender < 2.43 - Remote Code Execution via Crafted KML/KMZ File Import
Title source: llmDescription
Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.
References (11)
Core 11
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24233
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2007-39/advisory/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22770
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24991
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32778
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0798
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2007-40/advisory/
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24232
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200704-19.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/33836
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1017714
Scores
EPSS
0.0268
EPSS Percentile
84.0%
Details
CWE
CWE-94
Status
published
Products (4)
blender/blender
2.25
blender/blender
2.36
blender/blender
2.37a
blender/blender
< 2.42a
Published
Mar 03, 2007
Tracked Since
Feb 18, 2026