CVE-2008-4863

Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
blenderblender
2.46
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
blender
bullseye (security)
2.83.5+dfsg-5+deb11u1
fixed
bullseye
2.83.5+dfsg-5+deb11u1
fixed
bookworm
3.4.1+dfsg-2
fixed
sid
4.2.3+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
blender
intrepid
Fixed 2.46+dfsg-4ubuntu0.1
released
hardy
Fixed 2.45-4ubuntu1.1
released
gutsy
Fixed 2.44-2ubuntu2.1
released
dapper
Fixed 2.41-1ubuntu4.1
released
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632
http://security.gentoo.org/glsa/glsa-201001-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:038
http://www.openwall.com/lists/oss-security/2008/10/27/1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632
http://security.gentoo.org/glsa/glsa-201001-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:038
http://www.openwall.com/lists/oss-security/2008/10/27/1