Integer Overflow Vulnerability in Blender Open-Source 3D Creation Suite
CVE-2017-2904
8.8HIGH
What is CVE-2017-2904?
An integer overflow vulnerability is present in the RADIANCE loading functionality of the Blender open-source 3D creation suite version 2.78c. This vulnerability can be exploited by using a specially crafted '.hdr' file that causes an integer overflow, leading to a buffer overflow. As a result, this allows potential code execution within the context of the application. Attackers may trick users into loading the malicious file as an asset within the sequencer, triggering this security flaw.
Affected Version(s)
Blender v2.78c
