Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short member_index value in the SDNA block. The member_index field is used as an array index into the sdna->members[] array in sdna_expand_names() without bounds validation, allowing any value outside the allocated range to produce an invalid pointer subsequently passed to strlen(), resulting in a SIGSEGV crash or unintended heap memory disclosure.

Project Subscriptions

Vendors Products
Blender Subscribe
Blender Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 14 Jul 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 13 Jul 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Blender
Blender blender
Vendors & Products Blender
Blender blender

Mon, 13 Jul 2026 18:00:00 +0000

Type Values Removed Values Added
Description Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short member_index value in the SDNA block. The member_index field is used as an array index into the sdna->members[] array in sdna_expand_names() without bounds validation, allowing any value outside the allocated range to produce an invalid pointer subsequently passed to strlen(), resulting in a SIGSEGV crash or unintended heap memory disclosure.
Title Blender 3.0.0 - 5.1.2 Out-of-Bounds Read via crafted .blend SDNA block
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-13T17:44:14.051Z

Reserved: 2026-07-08T13:27:53.030Z

Link: CVE-2026-60103

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-07-13T17:44:14Z

Links: CVE-2026-60103 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-07-13T19:30:04Z

Weaknesses