Cisco Blogs

Vulnerability Spotlight: Multiple Unpatched Vulnerabilities in Blender Identified

- January 11, 2018 - 1 Comment

Technology has evolved in incredible ways that have helped people create and visualize media like never before. Today, people can use tools such as Blender to visualize, model, and animate 3D content, especially since it’s free and open-source software. However, this also makes it an attractive target for adversaries to audit for vulnerabilities. Given the user base of Blender, exploiting these vulnerabilities to compromise a user could have a significant impact, as attackers could use the foothold gained by attacking Blender to further compromise an organization’s network.

Today, Talos is disclosing multiple vulnerabilities that have been identified in Blender. These vulnerabilities could allow an attacker to execute arbitrary code on an affected host running Blender. A user who opens a specially crafted file in Blender that is designed to trigger one of these vulnerabilities could be exploited and compromised.

Talos has responsibly disclosed these vulnerabilities to Blender in an attempt to ensure they are addressed. However, Blender has declined to address them stating that “fixing these issues one by one is also a waste of time.” As a result, there currently is no software update that addresses these vulnerabilities. Additionally, Blender developers believe that “opening a file with Blender should be considered like opening a file with the Python interpreter, you have [to trust] the source it is coming from.”


1 Comment

  1. Brecht is one of our core developers, but he clearly expresses a personal statement here. I have been in mail contact with Cisco about it, and in the last mail an engineer offered to help us with it. We take vulnerabilities seriously, but when there are no simple answers or actions we just have to give it time to solve well. Ton Roosendaal, Blender Foundation
