Integer Overflow Vulnerability in Blender's Mesh Loading Functionality
CVE-2017-12082

8.8HIGH

Key Information:

Vendor

Blender

Status
Vendor
CVE Published:
11 January 2018

What is CVE-2017-12082?

An integer overflow vulnerability has been identified in the Blender open-source 3D creation suite, specifically within the 'CustomData' Mesh loading functionality. By leveraging a specially crafted external data file associated with a .blend file, an attacker can exploit this flaw to trigger a buffer overflow, potentially allowing for arbitrary code execution in the context of the application. This vulnerability requires an unsuspecting user to modify an object within their Scene, thereby inadvertently executing malicious payloads hidden within the .blend library.

Affected Version(s)

Blender v2.78c

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.