Description
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.
References (5)
Core References
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/09/07/13
Issue Tracking (x_refsource_misc): https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/09/06/3
Various Sources (x_refsource_misc): https://developer.blender.org/T22509
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2013-02/msg00047.html
Scores
EPSS: 0.0034
EPSS Percentile: 25.8%
Details
CWE: CWE-59
Status: published
Products (1): blender/blender < 2.63a
Published: Apr 27, 2014
Tracked Since: Feb 18, 2026