MEDIUM
blender
CVE published 2026-07-13
CVE-2026-60103
CVE-2026-60103 is an out-of-bounds read vulnerability in Blender 3.0.0 through 5.1.2. Attackers can trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short member_index value in the SDNA block. The vulnerability exists in the sdna_expand_names() function, where the member_index field is used as an array index into the sdna->members[] array without boun [truncated]