Blender Open Source 3D Suite Vulnerability in Mesh Attribute Upgrade
CVE-2017-12099

8.8HIGH

Key Information:

Vendor

Blender

Status
Vendor
CVE Published:
24 April 2018

What is CVE-2017-12099?

A vulnerability exists in the Blender open-source 3D creation suite due to an integer overflow in the upgrade process of the legacy Mesh attribute 'tface'. A specially crafted .blend file could exploit this condition, potentially leading to a buffer overflow. Successful exploitation may allow an attacker to execute arbitrary code under the context of the application. Users are advised to handle .blend files cautiously and keep their software updated to mitigate risks associated with this vulnerability.

Affected Version(s)

Blender v2.78c

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.