Integer Overflow Vulnerability in Blender's 3D Creation Suite
CVE-2017-12100

8.8HIGH

Key Information:

Vendor

Blender

Status
Vendor
CVE Published:
24 April 2018

What is CVE-2017-12100?

An integer overflow vulnerability exists in the 'multires_load_old_dm' functionality of Blender's version 2.78c. When a specially crafted .blend file is opened by a user, this vulnerability may trigger a buffer overflow, which can lead to arbitrary code execution within the context of the application. Attackers may exploit this flaw by tricking victims into opening malicious files.

Affected Version(s)

Blender v2.78c (32-bit)

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.