Integer Overflow Vulnerability in Blender's Mesh Loading Functionality
CVE-2017-12082
8.8HIGH
What is CVE-2017-12082?
An integer overflow vulnerability has been identified in the Blender open-source 3D creation suite, specifically within the 'CustomData' Mesh loading functionality. By leveraging a specially crafted external data file associated with a .blend file, an attacker can exploit this flaw to trigger a buffer overflow, potentially allowing for arbitrary code execution in the context of the application. This vulnerability requires an unsuspecting user to modify an object within their Scene, thereby inadvertently executing malicious payloads hidden within the .blend library.
Affected Version(s)
Blender v2.78c
