Integer Overflow in Blender 3D Creation Suite
CVE-2017-12101

8.8HIGH

Key Information:

Vendor

Blender

Status
Vendor
CVE Published:
24 April 2018

What is CVE-2017-12101?

A serious integer overflow vulnerability has been identified in the 'modifier_mdef_compact_influences' feature of Blender's open-source 3D creation suite. This flaw allows an attacker to craft a specially designed .blend file that, when opened, can trigger an integer overflow, leading to a potential buffer overflow. Successful exploitation may enable the execution of arbitrary code within the context of the application. Users are encouraged to exercise caution when dealing with untrusted .blend files.

Affected Version(s)

Blender v2.78c (32-bit)

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.