CVE-2007-1253
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
03/03/2007
Last modified:
09/04/2025
Description
Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.
Impact
Base Score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:blender:blender:*:*:*:*:*:*:*:* | 2.42a (including) | |
| cpe:2.3:a:blender:blender:2.25:*:*:*:*:*:*:* | ||
| cpe:2.3:a:blender:blender:2.36:*:*:*:*:*:*:* | ||
| cpe:2.3:a:blender:blender:2.37a:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/33836
- http://secunia.com/advisories/24232
- http://secunia.com/advisories/24233
- http://secunia.com/advisories/24991
- http://secunia.com/secunia_research/2007-39/advisory/
- http://secunia.com/secunia_research/2007-40/advisory/
- http://security.gentoo.org/glsa/glsa-200704-19.xml
- http://www.securityfocus.com/bid/22770
- http://www.securitytracker.com/id?1017714=
- http://www.vupen.com/english/advisories/2007/0798
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32778
- http://osvdb.org/33836
- http://secunia.com/advisories/24232
- http://secunia.com/advisories/24233
- http://secunia.com/advisories/24991
- http://secunia.com/secunia_research/2007-39/advisory/
- http://secunia.com/secunia_research/2007-40/advisory/
- http://security.gentoo.org/glsa/glsa-200704-19.xml
- http://www.securityfocus.com/bid/22770
- http://www.securitytracker.com/id?1017714=
- http://www.vupen.com/english/advisories/2007/0798
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32778