Integer Overflow Vulnerability in Blender Open-Source 3D Creation Suite
CVE-2017-12105

8.8HIGH

Key Information:

Vendor

Blender

Status
Vendor
CVE Published:
24 April 2018

What is CVE-2017-12105?

An integer overflow issue exists in Blender's open-source 3D creation suite, specifically in version 2.78c. This flaw arises when applying a certain object modifier to a Mesh. When a specially crafted .blend file is processed, it can trigger an integer overflow leading to a buffer overflow condition. This may facilitate unauthorized code execution within the application context. Attackers can exploit this vulnerability by persuading users to open a malicious .blend file, thereby compromising their system security.

Affected Version(s)

Blender v2.78c (32-bit)

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.