Integer Overflow Vulnerability in Blender Open-Source 3D Creation Suite
CVE-2017-12104

8.8HIGH

Key Information:

Vendor

Blender

Status
Vendor
CVE Published:
11 January 2018

What is CVE-2017-12104?

An integer overflow vulnerability exists in Blender, specifically in version 2.78c, when processing Particle objects. An attacker can exploit this vulnerability through a specially crafted .blend file, leading to a potential buffer overflow that enables the execution of arbitrary code in the context of the application. Users may inadvertently trigger this vulnerability by opening such files or utilizing them as libraries, making it critical to remain vigilant and ensure that installations are updated to safeguard against potential exploitation.

Affected Version(s)

Blender v2.78c (32-bit)

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.