CVE-2017-2899

Name of the Vulnerable Software and Affected Versions Blender version 2.78c

Description The issue is caused by an integer overflow in the TIFF loading functionality. Exploitation can occur through a specially crafted '.tif' file, leading to a buffer overflow and potentially allowing code execution under the context of the application. An attacker can trigger this issue by convincing a user to use the malicious file as an asset via the sequencer.

Recommendations For version 2.78c, consider avoiding the use of specially crafted '.tif' files until a patch is available. As a temporary workaround, restrict the loading of TIFF files in the sequencer to minimize the risk of exploitation.