Integer Overflow Vulnerability in Blender's TIFF Loading Functionality
CVE-2017-2899

8.8HIGH

Key Information:

Vendor

Blender

Status
Vendor
CVE Published:
11 January 2018

What is CVE-2017-2899?

An integer overflow vulnerability exists within the TIFF loading functionality of Blender, particularly in version 2.78c. This vulnerability arises when a specially crafted '.tif' file is processed, leading to an integer overflow and subsequent buffer overflow. Successful exploitation of this vulnerability may allow attackers to execute arbitrary code in the context of the Blender application. Users are at risk if they are tricked into using this malicious file as an asset through Blender's sequencer function.

Affected Version(s)

Blender v2.78c

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.