Integer Overflow Issue in Blender by the Blender Foundation
CVE-2017-2918

8.8HIGH

Key Information:

Vendor

Blender

Status
Vendor
CVE Published:
24 April 2018

What is CVE-2017-2918?

An integer overflow vulnerability exists in the image loading functionality of Blender v2.78c. An attacker can create a specially crafted .blend file that, when opened by a user, triggers the overflow, potentially leading to a buffer overflow and allowing remote code execution in the context of the application. Users are advised to avoid opening untrusted .blend files and to update to the latest secure version of Blender.

Affected Version(s)

Blender v2.78c

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.