Integer Overflow in Blender Open-Source 3D Creation Suite
CVE-2017-12103

8.8HIGH

Key Information:

Vendor

Blender

Status
Vendor
CVE Published:
24 April 2018

What is CVE-2017-12103?

An integer overflow vulnerability exists in Blender's processing of text rendered as a font into a curve. When a specially crafted .blend file is opened, this oversight can lead to a buffer overflow, enabling potential code execution within the context of the application. Attackers can exploit this vulnerability by persuading users to open the malicious file, thereby compromising their systems.

Affected Version(s)

Blender v2.78c

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.