CVE-2017-2901

Name of the Vulnerable Software and Affected Versions Blender version 2.78c

Description An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow, which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this issue.

Recommendations For version 2.78c, consider avoiding the use of specially crafted '.iris' files to minimize the risk of exploitation. As a temporary workaround, restrict the loading of IRIS files in the sequencer until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.