CVE-2009-3850

Description

Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.

How to fix CVE-2009-3850

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Debian/blender—no fix listed

Is CVE-2009-3850 being exploited?

Moderate — EPSS is 11.3%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-3850