Integer Overflow Vulnerability in Blender's Curve to Polygon Conversion
CVE-2017-12102

8.8HIGH

Key Information:

Vendor

Blender

Status
Vendor
CVE Published:
24 April 2018

What is CVE-2017-12102?

An integer overflow vulnerability exists in the Blender open-source 3D creation suite, specifically in the conversion of curves to polygons. When a specially crafted .blend file is processed, it can lead to a buffer overflow, enabling the execution of arbitrary code within the context of the application. Attackers can exploit this vulnerability by convincing users to open a malicious .blend file or incorporate it as a library, posing significant risks to system integrity.

Affected Version(s)

Blender v2.78c

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.